### [CVE-2020-7377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7377)
![](https://img.shields.io/static/v1?label=Product&message=Metasploit%20Framework&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=4.12.40%3E%3D%204.12.40%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-23%20Relative%20Path%20Traversal&color=brighgreen)

### Description

The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.

### POC

#### Reference
- https://github.com/rapid7/metasploit-framework/issues/14015
- https://github.com/rapid7/metasploit-framework/issues/14015

#### Github
No PoCs found on GitHub currently.