Search criteria
2 vulnerabilities found for WinAVR by WinAVR
CVE-2020-36938 (GCVE-0-2020-36938)
Vulnerability from nvd – Published: 2026-01-27 15:23 – Updated: 2026-01-27 21:38
VLAI?
Title
WinAVR Version 20100110 - Insecure Folder Permissions
Summary
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
Mohammed Alshehri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:09:21.623711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:38:08.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WinAVR",
"vendor": "WinAVR",
"versions": [
{
"status": "affected",
"version": "20100110"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammed Alshehri"
}
],
"datePublic": "2020-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:23:46.919Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49379",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49379"
},
{
"name": "WinAVR Official Project Homepage",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/winavr/"
},
{
"name": "VulnCheck Advisory: WinAVR Version 20100110 - Insecure Folder Permissions",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/winavr-version-insecure-folder-permissions"
}
],
"title": "WinAVR Version 20100110 - Insecure Folder Permissions",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36938",
"datePublished": "2026-01-27T15:23:46.919Z",
"dateReserved": "2026-01-25T13:50:01.142Z",
"dateUpdated": "2026-01-27T21:38:08.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36938 (GCVE-0-2020-36938)
Vulnerability from cvelistv5 – Published: 2026-01-27 15:23 – Updated: 2026-01-27 21:38
VLAI?
Title
WinAVR Version 20100110 - Insecure Folder Permissions
Summary
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
Mohammed Alshehri
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:09:21.623711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:38:08.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WinAVR",
"vendor": "WinAVR",
"versions": [
{
"status": "affected",
"version": "20100110"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammed Alshehri"
}
],
"datePublic": "2020-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T15:23:46.919Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49379",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49379"
},
{
"name": "WinAVR Official Project Homepage",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/winavr/"
},
{
"name": "VulnCheck Advisory: WinAVR Version 20100110 - Insecure Folder Permissions",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/winavr-version-insecure-folder-permissions"
}
],
"title": "WinAVR Version 20100110 - Insecure Folder Permissions",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36938",
"datePublished": "2026-01-27T15:23:46.919Z",
"dateReserved": "2026-01-25T13:50:01.142Z",
"dateUpdated": "2026-01-27T21:38:08.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}