Lucene search
K

65 matches found

Prion
Prion
added 2021/07/21 3:15 p.m.23 views

Default credentials

A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...

4CVSS6.4AI score0.00833EPSS
Exploits0References1Affected Software6
Cvelist
Cvelist
added 2021/07/21 10:45 a.m.24 views

CVE-2021-22773

A CWE-620: Unverified Password Change vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker...

6.7AI score0.00833EPSS
Exploits0References1
CVE
CVE
added 2021/07/21 10:45 a.m.47 views

CVE-2021-22773

EVlink City, EVlink Parking, and EVlink Smart Wallbox (Schneider Electric) are affected by CWE-620 Unverified Password Change. All versions prior to R8 V3.4.0.1 allow an attacker connected to the charging station Web UI to modify a user’s password. Root cause: unverified password change mechanism...

6.5CVSS6.4AI score0.00833EPSS
Exploits0References1Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2020/11/24 2:39 p.m.52 views

CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)

OpenCRX version 4.30 and version 5.0-20200717 suffers from an unverified password change vulnerability, which is an instance of CWE-620. This vulnerability has a CVSSv3 score of 9.1, which is usually CRITICAL, since it effectively allows anyone who can connect to the OpenCRX server to change the...

6.4CVSS9.2AI score0.02617EPSS
Exploits1
OSV
OSV
added 2020/02/06 9:15 p.m.4 views

CVE-2020-6760

Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...

9.8CVSS7.4AI score0.0171EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/02/06 8:2 p.m.21 views

CVE-2020-6760

Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...

9.7AI score0.0171EPSS
Exploits1References1
CVE
CVE
added 2020/02/06 8:2 p.m.76 views

CVE-2020-6760

CVE-2020-6760 affects the Schmid ZI 620 V400 VPN 090 router. The vulnerability allows an attacker to execute OS commands as root by submitting shell metacharacters to an entry on the SSH subcommand menu, demonstrated by an example like ping. This is a network-based injection risk, with the impact...

10CVSS9.6AI score0.0171EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/02/06 12:0 a.m.1 views

Schmid ZI 620 V400 VPN 090 Router OS Command Injection Vulnerability

The Schmid ZI 620 V400 VPN 090 Router is a router device. An operating system command injection vulnerability exists in the Schmid ZI 620 V400 VPN 090 Router, which can be exploited by an attacker to execute illegal operating system commands, due to a failure of the network system or product to...

10CVSS8AI score0.0171EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/04/26 12:0 a.m.75 views

Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change

Talos Vulnerability Report TALOS-2018-0749 Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change Vulnerability April 25, 2019 CVE Number CVE-2018-4064 Summary An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sier...

0.7AI score0.16106EPSS
Exploits3
Talos
Talos
added 2019/04/25 12:0 a.m.53 views

Sierra Wireless AirLink ES450 ACEManager upload.cgi Unverified Password Change Vulnerability

Summary An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password ...

7.1CVSS7.1AI score0.16106EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2019/01/10 12:0 a.m.7 views

The vulnerability of D-Link DIR-620 router’s microprogramming software, which stems from the use of pre-installed registration data, allows attackers to enhance their privileges and execute arbitrary code.

The vulnerability of D-Link DIR-620 router microprogramming software is related to the use of pre-installed registration data. Exploiting this vulnerability allows a remote attacker to enhance their privileges and execute arbitrary code...

10CVSS5.9AI score
Exploits0References4Affected Software1
Check Point Advisories
Check Point Advisories
added 2018/07/05 12:0 a.m.27 views

D-Link DIR-620 Command Injection (CVE-2018-6211)

A command injection vulnerability exists in D-Link DIR-620 routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands...

9CVSS7.4AI score0.05768EPSS
Exploits1
Prion
Prion
added 2018/06/20 4:29 p.m.20 views

Command injection

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

9CVSS7.3AI score0.05768EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2018/06/20 4:29 p.m.19 views

CVE-2018-6213

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

10CVSS9.7AI score0.0336EPSS
Exploits1References4
Prion
Prion
added 2018/06/20 4:29 p.m.21 views

Cross site scripting

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...

4.3CVSS6AI score0.01761EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2018/06/20 4:29 p.m.5 views

CVE-2018-6213

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

9.8CVSS5.8AI score0.0336EPSS
Exploits1References4
Prion
Prion
added 2018/06/20 4:29 p.m.19 views

Hardcoded credentials

In the web server on D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account...

10CVSS9.5AI score0.0336EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2018/06/20 4:29 p.m.24 views

CVE-2018-6212

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...

6.1CVSS6.1AI score0.01761EPSS
Exploits1References4
NVD
NVD
added 2018/06/20 4:29 p.m.22 views

CVE-2018-6211

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

9CVSS7.4AI score0.05768EPSS
Exploits1References4
OSV
OSV
added 2018/06/20 4:29 p.m.5 views

CVE-2018-6211

On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the resbuf parameter to index.cgi...

7.2CVSS5.8AI score0.05768EPSS
Exploits1References4
Rows per page
Query Builder