Lucene search
K

64 matches found

NVD
NVD
added 2021/02/18 12:15 a.m.33 views

CVE-2020-9306

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

8.8CVSS0.01165EPSS
Exploits1References4
OSV
OSV
added 2021/02/18 12:15 a.m.4 views

CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.8CVSS7.2AI score0.00505EPSS
Exploits1References3
NVD
NVD
added 2021/02/18 12:15 a.m.37 views

CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.8CVSS0.00505EPSS
Exploits1References3
OSV
OSV
added 2021/02/18 12:15 a.m.5 views

CVE-2020-9306

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

8.8CVSS7.3AI score0.01165EPSS
Exploits1References4
Prion
Prion
added 2021/02/18 12:15 a.m.13 views

Directory traversal

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.2CVSS7.6AI score0.00505EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/02/18 12:15 a.m.13 views

Hardcoded credentials

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

5.8CVSS8.7AI score0.01165EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/02/17 11:11 p.m.28 views

CVE-2020-9306

Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account...

8.8CVSS8.8AI score0.01165EPSS
Exploits1References4
CVE
CVE
added 2021/02/17 11:11 p.m.85 views

CVE-2020-9306

CVE-2020-9306 affects Digi ConnectPort X2e devices (SolarCity/Tesla branding) with hardcoded credentials stored in a .pyc-compiled file used at boot. FireEye analysis shows password_manager.pyc in /WEB/python/ contains five plaintext credentials for the python system user, enabling web and SSH ac...

8.8CVSS8.7AI score0.01165EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/02/17 11:7 p.m.35 views

CVE-2020-12878

Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory...

7.7AI score0.00505EPSS
Exploits1References3
CVE
CVE
added 2021/02/17 11:7 p.m.87 views

CVE-2020-12878

CVE-2020-12878 affects Digi ConnectPort X2e devices (pre-3.2.30.6). The issue enables local privilege escalation from the python user to root via a symlink attack involving /WEB/python/.ssh and /etc/init.d/S50dropbear.sh. Exploitation, as described, follows: (1) authenticate as the python user, (...

7.8CVSS8.2AI score0.00505EPSS
Exploits1References3Affected Software1
FireEye
FireEye
added 2021/02/17 12:0 a.m.228 views

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s now owned by Tesla rebranded ConnectPort X2e device...

7.2CVSS8.6AI score0.01165EPSS
Exploits2References21
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.11 views

Digi ConnectPort Backlink Vulnerability

Digi ConnectPort is a server from Digi ConnectPort Digi USA, Inc. It provides wireless communication. A security vulnerability exists in Digi ConnectPort X2e before 3.2.30.6, which allows an attacker to exploit the vulnerability to escalate the privileges of a python user to root via a symbolic...

7.8CVSS7.2AI score0.00505EPSS
Exploits1References3
NVD
NVD
added 2020/02/13 12:15 a.m.16 views

CVE-2020-6973

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition...

6.3CVSS6.2AI score0.00831EPSS
Exploits0References1
OSV
OSV
added 2020/02/13 12:15 a.m.5 views

CVE-2020-6973

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition...

6.2CVSS6.4AI score0.00831EPSS
Exploits0References1
Prion
Prion
added 2020/02/13 12:15 a.m.15 views

Cross site scripting

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition...

6.3CVSS6.1AI score0.00831EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2020/02/12 11:15 p.m.19 views

CVE-2020-6975

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...

4.9CVSS5.4AI score0.00789EPSS
Exploits0References1
OSV
OSV
added 2020/02/12 11:15 p.m.5 views

CVE-2020-6975

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...

4.9CVSS5.8AI score0.00789EPSS
Exploits0References1
Prion
Prion
added 2020/02/12 11:15 p.m.15 views

Design/Logic Flaw

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Successful exploitation of this vulnerability could allow an attacker to upload a malicious file to the application...

4CVSS5.3AI score0.00789EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/02/12 11:1 p.m.16 views

CVE-2020-6973

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 82002228K 08/09/2018, bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a denial-of-service condition...

6.2AI score0.00831EPSS
Exploits0References1
CVE
CVE
added 2020/02/12 11:1 p.m.90 views

CVE-2020-6973

CVE-2020-6973 affects Digi International ConnectPort LTS 32 MEI with firmware 1.4.3 (bios 1.2). The advisory documents multiple cross-site scripting vulnerabilities that could lead to a denial-of-service condition. Affected product: ConnectPort LTS 32 MEI (firmware 1.4.3). Root cause: improper ha...

6.3CVSS6.1AI score0.00831EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder