Externally Controlled Reference to a Resource in Another Sphere
CVE-2022-32761
Summary
An information disclosure vulnerability exists in the "aVideoEncoderReceiveImage" functionality of WWBN AVideo in versions prior to 12.4. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
References
Advisory Timeline
- Published