Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6614 | 1 Typecho | 1 Typecho | 2024-04-11 | 3.3 LOW | 2.7 LOW |
A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-4467 | 1 Poly | 2 Trio 8800, Trio 8800 Firmware | 2024-04-11 | 6.5 MEDIUM | 6.6 MEDIUM |
A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260. | |||||
CVE-2024-28011 | 2024-04-02 | N/A | N/A | ||
Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet | |||||
CVE-2024-22044 | 2024-03-12 | N/A | 7.5 HIGH | ||
A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot. | |||||
CVE-2023-42134 | 1 Paxtechnology | 3 A50, A920 Pro, Paydroid | 2024-01-19 | N/A | 6.8 MEDIUM |
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
CVE-2022-36429 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2023-12-10 | N/A | 7.2 HIGH |
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
CVE-2022-38452 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
CVE-2022-3843 | 1 Wago | 2 852-111\/000-001, 852-111\/000-001 Firmware | 2023-12-10 | N/A | 9.1 CRITICAL |
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters. | |||||
CVE-2022-3203 | 1 Oringnet | 4 Iap-420, Iap-420\+, Iap-420\+ Firmware and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot. | |||||
CVE-2021-24867 | 1 Accesspressthemes | 93 Accessbuddy, Accesspress Anonymous Post, Accesspress Basic and 90 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion | |||||
CVE-2021-43987 | 1 Myscada | 1 Mypro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | |||||
CVE-2020-12504 | 3 Korenix, Pepperl-fuchs, Westermo | 58 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 55 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | |||||
CVE-2020-16204 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). |