Rp Security Vulnerabilities and Issues — Rp CVE List

cve

CVE-2014-5457

QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the...

6.6AI Score

0.0004EPSS

2022-10-03 04:20 PM

18

cve

CVE-2022-20919

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS)...

8.6CVSS

7.5AI Score

0.001EPSS

2022-09-30 07:15 PM

55

5

cve

CVE-2022-20848

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of....

8.6CVSS

7.5AI Score

0.001EPSS

2022-09-30 07:15 PM

44

5

cve

CVE-2022-25361

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before...

9.1CVSS

9.1AI Score

0.002EPSS

2022-06-07 02:15 PM

41

3

cve

CVE-2021-34345

A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of NVR Storage Expansion: NVR Storage...

9.8CVSS

9.8AI Score

0.003EPSS

2021-09-10 04:15 AM

30

cve

CVE-2020-3284

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the...

9.8CVSS

9.5AI Score

0.006EPSS

2020-11-06 07:15 PM

39

cve

CVE-2019-6558

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is...

7.5CVSS

7.4AI Score

0.002EPSS

2020-03-23 09:15 PM

50

cve

CVE-2019-6001

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware.....

6.8CVSS

7.7AI Score

0.005EPSS

2019-08-06 07:15 PM

22

cve

CVE-2019-6000

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware.....

8.8CVSS

9AI Score

0.007EPSS

2019-08-06 07:15 PM

39

cve

CVE-2019-5995

Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version.....

6.5CVSS

6.9AI Score

0.002EPSS

2019-08-06 07:15 PM

33

cve

CVE-2019-5999

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware.....

8.8CVSS

9AI Score

0.007EPSS

2019-08-06 07:15 PM

45

cve

CVE-2019-5998

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware.....

8.8CVSS

9AI Score

0.007EPSS

2019-08-06 07:15 PM

44

cve

CVE-2019-5994

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware.....

8.8CVSS

9AI Score

0.006EPSS

2019-08-06 07:15 PM

29

cve

CVE-2018-5402

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable...

9.1CVSS

8.6AI Score

0.001EPSS

2018-10-08 03:29 PM

46

cve

CVE-2018-5400

The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast...

9.1CVSS

9.1AI Score

0.002EPSS

2018-10-08 03:29 PM

27

cve

CVE-2018-5401

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An....

9.1CVSS

6.3AI Score

0.002EPSS

2018-10-08 03:29 PM

63

cve

CVE-2018-5399

The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only....

9.8CVSS

9.6AI Score

0.002EPSS

2018-10-08 03:29 PM

28

cve

CVE-2016-6558

A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not...

9.8CVSS

9.8AI Score

0.002EPSS

2018-07-13 08:29 PM

16

cve

CVE-2016-6557

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided.....

8.8CVSS

9AI Score

0.001EPSS

2018-07-13 08:29 PM

20

cve

CVE-2017-14124

In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application...

6.3CVSS

6.3AI Score

0.0004EPSS

2017-09-13 04:29 PM

24

cve

CVE-2007-0559

PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language...

7.5AI Score

0.053EPSS

2007-01-30 04:28 PM

27