Lucene search
K

191 matches found

ATTACKERKB
ATTACKERKB
added 2023/05/11 12:15 p.m.4 views

CVE-2023-31445

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...

5.3CVSS6.1AI score0.01155EPSS
Exploits1References5
Prion
Prion
added 2023/05/11 12:15 p.m.20 views

Design/Logic Flaw

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...

5CVSS5.3AI score0.01155EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/05/11 12:0 a.m.46 views

CVE-2023-31445

CVE-2023-31445 affects Cassia Access Controller prior to 2.1.1.2203171453. The issue is an unprivileged information-disclosure vulnerability enabling read-only users to enumerate all users and obtain emails, phone numbers, and privileges. The affected version is prior to 2.1.1.2203171453; remedia...

5.3CVSS5.3AI score0.01155EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/05/11 12:0 a.m.23 views

CVE-2023-31445

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...

5.6AI score0.01155EPSS
Exploits1References3
Metasploit
Metasploit
added 2023/01/05 7:49 p.m.417 views

Linear eMerge E3-Series Access Controller Command Injection

This module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in cardscandecoder.php via the No and door HTTP GET parameter. Successful exploitation resul...

10CVSS9.7AI score0.97136EPSS
Exploits16
OSV
OSV
added 2022/10/14 5:15 p.m.3 views

CVE-2021-22685

An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1...

7.5CVSS5.8AI score0.00588EPSS
Exploits0References2
NVD
NVD
added 2022/10/14 5:15 p.m.13 views

CVE-2021-22685

An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1...

7.5CVSS0.00588EPSS
Exploits0References2
Prion
Prion
added 2022/10/14 5:15 p.m.16 views

Design/Logic Flaw

An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1...

5CVSS7.4AI score0.00588EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/10/14 12:0 a.m.16 views

CVE-2021-22685 Cassia Networks Access Controller Path Traversal

An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1...

6.2CVSS7.6AI score0.00588EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.8 views

CVE-2021-22685 Cassia Networks Access Controller Path Traversal

An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1...

6.2CVSS7.4AI score0.00588EPSS
Exploits0References2
CVE
CVE
added 2022/10/14 12:0 a.m.62 views

CVE-2021-22685

The CVE-2021-22685 issue is a path-traversal vulnerability in Cassia Networks Access Controller prior to version 2.0.1. The flaw allows an attacker to use the minify route with a relative path to view arbitrary server files, potentially exposing sensitive data. Affected product: Cassia Networks A...

7.5CVSS6.7AI score0.00588EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/08/28 12:0 a.m.6 views

Tenda M3 缓冲区错误漏洞

Tenda M3 is an access controller from Tenda, China. A security vulnerability exists in Tenda M3 version V1.0.0.124856, which is caused by a stack overflow vulnerability in the formSetAdConfigInfo function. The vulnerability allows an attacker to cause a denial of service DoS via the authIPs...

7.5CVSS7.1AI score0.00854EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/28 12:0 a.m.4 views

Tenda M3 缓冲区错误漏洞

Tenda M3 is an access controller from Tenda, China. A security vulnerability exists in Tenda M3 version V1.0.0.124856, which is caused by a stack overflow vulnerability in the formDelAd function...

7.5CVSS7.3AI score0.00854EPSS
Exploits1References2
CNVD
CNVD
added 2022/07/05 12:0 a.m.26 views

Tenda M3 formSetCfm function stack overflow vulnerability

Tenda M3 is an access controller from Tenda, China. Tenda M3 version V1.0.0.12 is vulnerable to a stack overflow vulnerability, which stems from the formSetCfm function not checking the length of input data. An attacker could exploit this vulnerability to cause a denial of service attack...

7.5CVSS5.2AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.32 views

Tenda M3 formGetPassengerAnalyseData function stack overflow vulnerability

Tenda M3 is an access controller from Tenda, China. Tenda M3 v1.0.0.12 is vulnerable to a stack overflow vulnerability that stems from the formGetPassengerAnalyseData function not checking the length of the input data. An attacker could exploit this vulnerability to cause a denial of service atta...

7.5CVSS3.5AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.32 views

Tenda M3 formSetAccessCodeInfo function stack overflow vulnerability

Tenda M3 is an access controller from Tenda, China. Tenda M3 V1.0.0.12 is vulnerable to a stack overflow vulnerability, which stems from the formSetAccessCodeInfo function info parameter not checking the length of the input data. An attacker could exploit this vulnerability to cause a denial of...

7.5CVSS4.1AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.12 views

Tenda M3 formSetStoreWeb function buffer overflow vulnerability

Tenda M3 is an access controller from Tenda, China. buffer overflow vulnerability exists in Tenda M3 V1.0.0.12, which stems from the ssidList, storeName, trademark parameters of the formSetStoreWeb function that do not check the length of the input data. An attacker can exploit this vulnerability...

7.8CVSS5AI score0.01074EPSS
Exploits1References1
NVD
NVD
added 2022/06/11 10:15 a.m.16 views

CVE-2017-20038

A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file cardscandecoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely...

8.8CVSS0.00673EPSS
Exploits0References2
OSV
OSV
added 2022/06/11 10:15 a.m.3 views

CVE-2017-20038

A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file cardscandecoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely...

8.8CVSS5.6AI score0.00673EPSS
Exploits0References2
OSV
OSV
added 2022/06/11 10:15 a.m.3 views

CVE-2017-20039

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely...

9.8CVSS5.4AI score0.01162EPSS
Exploits0References2
Rows per page
Query Builder