8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36245

GHSA ID

GHSA-q5h6-49gg-2wfg

EPSS Score

0.57529%

CWE

CWE-94

Published

5/24/2022

Updated

9/20/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-36245

CVE-2020-36245: GramAddict bot uses dependency with reverse tcp backdoor

GramAddict before 1.2.5 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36245

GHSA ID

GHSA-q5h6-49gg-2wfg

EPSS Score

0.57529%

CWE

CWE-94

Published

5/24/2022

Updated

9/20/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
GramAddict	pip	< 1.2.5	1.2.5

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*r*m***i*t ***or* *.*.* *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry *o** ****us* o* us* o* UI*utom*tor* *n* *TX-***nt. T** *tt**k*r must ** **l* to r**** T*P port ****, *.*., *y **in* on t** s*m* Wi-*i n*twork.

Reasoning

No *n*lysis *v*il**l*

8.8

Basic Information

Concerned about an active attack path?

CVE-2020-36245: GramAddict bot uses dependency with reverse tcp backdoor

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI