Lucene search
K

6 matches found

CNVD
CNVD
added 2019/04/22 12:0 a.m.3 views

DeepSync Sundray WLAN Controller Command Injection Vulnerability

Sundray WLAN Controller Sundray WAC is a set of wireless LAN controller software from China Sundray Network Technology Sundray. A security vulnerability exists in Sundray WAC 3.7.4.2 and previous versions of WAC. The vulnerability can be exploited by a remote attacker to read the...

10CVSS7.2AI score0.04599EPSS
Exploits0References1
NVD
NVD
added 2019/04/18 11:29 p.m.17 views

CVE-2019-9161

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginxwebconsole.php Cookie header can be used to read an etc/config/wac/wnscfgadmindetail.xm...

10CVSS9.8AI score0.04599EPSS
Exploits0References1
NVD
NVD
added 2019/04/18 10:29 p.m.15 views

CVE-2019-9160

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH on TCP port 22345 and escalate to root because the password for root is the WebUI admin password concatenated with a static string...

10CVSS9.7AI score0.03185EPSS
Exploits0References1
Prion
Prion
added 2019/04/18 10:29 p.m.16 views

Design/Logic Flaw

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH on TCP port 22345 and escalate to root because the password for root is the WebUI admin password concatenated with a static string...

10CVSS9.6AI score0.03185EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/04/18 10:1 p.m.21 views

CVE-2019-9161

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginxwebconsole.php Cookie header can be used to read an etc/config/wac/wnscfgadmindetail.xm...

9.8AI score0.04599EPSS
Exploits0References1
CVE
CVE
added 2019/04/18 10:1 p.m.55 views

CVE-2019-9161

CVE-2019-9161 affects Sangfor Sundray WLAN Controller (WAC) versions 3.7.4.2 and earlier. The issue is a remote code execution vulnerability where shell metacharacters in the nginx_webconsole.php Cookie header allow an attacker to read /etc/config/wac/wns_cfg_admin_detail.xml, exposing the admin ...

10CVSS9.6AI score0.04599EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder