21 matches found
CVE-2020-10248
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to valusers.php3...
CVE-2020-10250
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3...
EUVD-2020-2703
Malware in sbrugna...
EUVD-2020-2704
Malware in sbrugna...
EUVD-2020-2705
Malware in sbrugna...
CVE-2020-10249
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to valsoft.php3...
BWA DiREX-Pro Password Disclosure Vulnerability
The BWA DiREX-Pro is a digital video recorder. A password disclosure vulnerability exists in BWA DiREX-Pro 1.2181. A remote attacker can exploit this vulnerability by directly requesting valusers.php3 to obtain a password...
BWA DiREX-Pro Remote Code Execution Vulnerability
BWA Technology DiREX-Pro is a network video recorder from BWA Technology, Germany. A security vulnerability exists in BWA Technology DiREX-Pro version 1.2181. The vulnerability can be exploited by a remote attacker to execute arbitrary operating system commands by sending the 'PKG' parameter with...
CVE-2020-10250
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3...
CVE-2020-10248
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to valusers.php3...
CVE-2020-10250
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3...
CVE-2020-10249
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to valsoft.php3...
CVE-2020-10248
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to valusers.php3...
Path traversal
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to valsoft.php3...
Design/Logic Flaw
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to valusers.php3...
Design/Logic Flaw
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3...
CVE-2020-10248
CVE-2020-10248 affects BWA DiREX-Pro 1.2181 devices. Multiple connected sources (Red Hat, CNVD, CVE lists) describe a vulnerability where a remote attacker can disclose passwords by issuing a direct request to val_users.php3. The fixed/software patch status or remediation steps are not detailed i...
CVE-2020-10249
CVE-2020-10249 affects BWA DiREX-Pro 1.2181 devices. A vulnerability in the val_soft.php3 component allows full path disclosure via an invalid name array parameter, exposing the filesystem path and compromising confidentiality. The issue is described across multiple sources as a path traversal-st...
CVE-2020-10249
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to valsoft.php3...
CVE-2020-10250
BWA DiREX‑Pro 1.2181 devices are affected by CVE-2020-10250: remote attackers can execute arbitrary OS commands through shell metacharacters in the PKG parameter to uninstall.php3. Root cause is unsafely handling the PKG input, enabling command injection. Documented impact is remote code executio...