173 matches found
CVE-2024-39220
BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmwar...
PT-2024-28395 · Bas Ip · Bas-Ip Cr-02Bd
Name of the Vulnerable Software and Affected Versions: BAS-IP CR-02BD versions prior to firmware v3.9.2 Description: The issue allows authenticated attackers to read SIP account passwords via a crafted GET request. Recommendations: For BAS-IP CR-02BD versions prior to firmware v3.9.2, update to...
CVE-2024-39220
CVE-2024-39220 affects BAS-IP AV-, AA-, BA-, and CR-02BD products (before firmware v3.9.2). An authenticated attacker can read SIP account passwords via a crafted GET request, exposing SIP credentials (confidentiality impact high). The vulnerability is exploitable over network with low complexity...
CVE-2024-37654
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...
CVE-2024-37654
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...
Multiple BAS-IP Products Security Breach
BAS-IP AV Series and others are products of BAS-IP Corporation. BAS-IP AV Series is a series of smart personal entrance panels. BAS-IP AA Series is a series of smart apartment entrance panels. BAS-IP BA Series is a series of visual intercom outdoor entrance panels. A security vulnerability exists in...
CVE-2024-37654
CVE-2024-37654 affects BAS-IP AV-01D/AV-01MD/AV-01MFD/AV-01ED/AV-01KD/AV-01BD/AV-01KBD/AV-02D/AV-02IDE/AV-02IDR/AV-02IPD/AV-02FDE/AV-02FDR/AV-03D/AV-03BD/AV-04AFD/AV-04ASD/AV-04FD/AV-04SD/AV-05FD/AV-05SD/AA-07BD/AA-07BDI/BA-04BD/BA-04MD/BA-08BD/BA-08MD/BA-12BD/BA-12MD/CR-02BD before version 3.9.2...
CVE-2024-37654
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...
Perfecting the Defense-in-Depth Strategy with Automation
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern...
VulnCheck KEV: CVE-2021-41293
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system information...
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...
bas-soft.eu Cross Site Scripting vulnerability OBB-3783893
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bas-shoes.ru Cross Site Scripting vulnerability OBB-2983816
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
A Door Isn’t a Door When It’s Ajar - Part 3
A Door Isn’t a Door When It’s Ajar - Part III By Trellix · August 25, 2022 This story was also written by Steve Povolny and Sam Quinn Contents Installing OnGuard by Third Party Vendor Exploitation and Hacking the Planet! Putting it all Together Building the Final Demo System The Demo Lessons and...
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting XSS Exploit Author: LiquidWorm enteliTouch XSS input type="hidden" nam...
ECOA BAS controller information disclosure vulnerability
ECOA BAS controller is a building automation controller. ECOA BAS controller handles HTTP GET requests and is vulnerable to information disclosure, which can be exploited by remote attackers to submit ad hoc requests that can obtain sensitive information...
ECOA BAS controller arbitrary file upload vulnerability
ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to arbitrary file uploads, which can be exploited to send specially crafted URL requests to the /upload URI with the file name and rbt parameters containing the "dot"...
ECOA BAS controller hard-coded credential vulnerability
ECOA BAS controller is a BAS controller developed by Ecoa Technologies Corp in Taiwan, China. ECOA BAS controller is vulnerable to hard-coded credentials, which can be exploited by attackers to directly log in and gain administrator control privileges...
ECOA BAS controller information disclosure vulnerability (CNVD-2021-83644)
ECOA BAS controller is a smart lighting control solution. ECOA BAS controller is vulnerable to information disclosure, which can be exploited by remote attackers to submit special requests that can obtain sensitive information...
ECOA BAS controller weak password vulnerability
ECOA BAS controller is an intelligent lighting control solution. ECOA BAS controller has a weak password vulnerability that could be exploited by attackers to gain full control of the system...