10 matches found
CVE-2021-39245
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...
CVE-2021-39245
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...
CVE-2021-39245
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...
Hardcoded credentials
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...
Command injection
Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...
CVE-2021-39245
CVE-2021-39245 affects Altus Nexto/NX and Hadron Xtorm devices (e.g., Nexto NX3003/3004/3005/3010/3020/3030, NX5100/5101, NX5110, NX5210, Nexto Xpress XP300/315/325/340, Hadron Xtorm HX3040) with 1.7.58.0–1.8.11.0 firmware. Root cause: hardcoded .htaccess credentials for getlogs.cgi enable unauth...
CVE-2021-39245
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101...
CVE-2021-39244
Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...
CVE-2021-39244
CVE-2021-39244 is a documented authenticated semi-blind command injection vulnerability affecting Altus Nexto and Hadron Xtorm devices, exposed via the getlogs.cgi tcpdump feature. Affected products/versions (per sources) include Nexto NX3003/ NX3004/ NX3005/ NX3010/ NX3020/ NX3030 (1.8.11.0 or 1...
多款Altus Sistemas de Automacao产品操作系统操作系统命令注入漏洞
The Altus Sistemas de Automacao Nexto NX30xx, among others, is an industrial automation device from the Brazilian company Altus Sistemas de Automacao. An operating system command injection vulnerability exists in several Altus Sistemas de Automacao devices. The vulnerability stems from the tcpdum...