UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21122
Reference (s):
- https://github.com/youseries/ureport/issues/483