Skip to main content

Externally Controlled Reference to a Resource in Another Sphere

CVE-2022-32761

Severity Medium
Score 6.5/10

Summary

An information disclosure vulnerability exists in the "aVideoEncoderReceiveImage" functionality of WWBN AVideo in versions prior to 12.4. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Advisory Timeline

  • Published