ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions

Summary ZKAccess 3.5 is a desktop software which is suitable for small and medium businesses application. Compatible with all ZKAccess standalone reader controllers, the software can simultaneously manage access control and generate attendance report. The brand new flat GUI design and humanized...

FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation

Summary FLIR TrafiOne is an all-round detection sensor for traffic monitoring and dynamic traffic signal control. Offered in a compact and affordable package, the FLIR TrafiOne uses thermal imaging and Wi-Fi technology to adapt traffic signals based on the presence detection of vehicles, bicycles...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

Dasan Networks GPON ONT WiFi Router H64X Series System Config Download

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway Privilege Escalation

Summary RSLinx Classic is a software platform that allows Logix5000 Programmable Automation Controllers to connect to a wide variety of Rockwell Software applications, and FactoryTalk Linx Gateway is a software that provides an Open Platform Communications OPC Unified Architecture UA server...

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

Summary NEC's UNIVERGE® SV9100 is the unified communications UC solution of choice for small and medium businesses SMBs who don't want to be left behind. Designed to fit your unique needs, the UNIVERGE SV9100 platform is a powerful communications solution that provides SMBs with the efficient,...

Ovidentia 7.9.4 Multiple Remote Vulnerabilities

Summary Ovidentia is both a content management system CMS and a collaborative environment Groupware. Description Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting...

FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit

Summary FaceSentry 5AN is a revolutionary smart identity management appliance that offers entry via biometric face identification, contactless smart card, staff ID, or QR-code. The QR-code upgrade allows you to share an eKey with guests while you're away from your Office and monitor all activity...

ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions

Summary ZKTime.Net V3.0 is a new generation time attendance management software. Meanwhile, it integrates with time attendance and access control system. Some frequently used functions such as attendance reports, device management and employee management can be managed directly on the home page...

Epic Games Fortnite 4.2-CL-4072250 Insecure File Permissions

Summary Fortnite is a co-op sandbox survival game developed by Epic Games and People Can Fly and published by Epic Games. The game was released as a paid-for early access title for Microsoft Windows, macOS, PlayStation 4 and Xbox One on July 25, 2017, with a full free-to-play release expected in...

TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure Vulnerability

Summary The TL-SC3130G surveillance camera is a versatile solution for your home and office monitoring, whose 54Mbps wireless connectivity enables you to deploy the camera where inaccessible previously by Ethernet connection such as ceiling and walls. This camera can be placed in your living room...

Tenda HG6 v3.3.0 Remote Command Injection Vulnerability

Summary HG6 is an intelligent routing passive optical network terminal in Tenda FTTH solution. HG6 provides 4 LAN ports1GE,3FE, a voice port to meet users' requirements for enjoying the Internet, HD IPTV and VoIP multi-service applications. Description The application suffers from an authenticate...

FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Remote Root Exploit

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password

Summary SANYO network camera and network optional board with the latest H.264 compression technology provide the optimum surveillance applications with high quality real time moving image at low bandwidth. Simultaneous stream of H.264 and JPEG data and also COAX video out to provide flexible...

FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference

Summary Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year. Description The crash is caused due to a NU...

Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution

Summary WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security -...

FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

MOBOTIX Video Security Cameras CSRF Add Admin Exploit

Summary MOBOTIX is a German System Manufacturer of Professional Video Management VMS and Smart IP Cameras. These cameras support all standard features of MOBOTIX IP cameras like automatic object detection, messaging via network and onboard or network recording. The dual lens thermal system suppor...

KYOCERA Net Admin 3.4 CSRF Add Admin Exploit

Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...

FLIR Systems FLIR AX8 Thermal Camera 1.32.16 RTSP Stream Disclosure

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

ABB Cylon Aspect 3.08.01 (combinedStats.php) Information Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated informatio...

Anviz AIM CrossChex Standard 4.3 Excel Macro Injection

Summary Access Control and Time Attendance Management System. Complying with our self-developed fingerprint, facial, iris, etc. devices, CrossChex Standard integrates intelligent management of time attendance and relevant functions of access control. It has been widely used in many office buildin...

ABB Cylon Aspect 3.08.02 (CookieDB) SQL Injection

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an SQL injection through the...

ABB Cylon Aspect 3.08.02 (API/Servlets) Server-Side Request Forgery (SSRF)

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description ABB Cylon Aspect is affected by multiple Server-Side Request Forgery...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass

Summary Web Administration of Machine. Description The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the loginpar.j...

NovaRad NovaPACS Diagnostics Viewer v8.5 OOB XXE File Disclosure

Summary NovaPACS revolutionary workflow infrastructure has been designed and developed using the expertise of radiology directors, technicians, PACS administrators for over 20 years. This wealth of imaging experience has lead to over 850 installations in more than 15 countries as well as key...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure

Summary Thermal Imaging Camera For Continuous Condition and Safety Monitoring FLIR AX8 is a thermal sensor with imaging capabilities. Combining thermal and visual cameras in a small, affordable package, the AX8 provides continuous temperature monitoring and alarming capabilities to protec critica...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

DCMTK storescp DICOM storage (C-STORE) SCP Remote Stack Buffer Overflow

Summary DCMTK is a collection of libraries and applications implementing large parts the DICOM standard. It includes software for examining, constructing and converting DICOM image files, handling offline media, sending and receiving images over a network connection, as well as demonstrative imag...

QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability

Summary Digital Signage Software. Description The application suffers from an unauthenticated file disclosure vulnerability when input passed thru the 'filename' parameter when using the download action or thru 'path' parameter when using the getAll action is not properly verified before being...

ABB Cylon Aspect 3.08.01 (oosManagerAjax.php) Information Manipulation

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated informatio...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway XSS Vulnerabilities

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The application suffers from cleartext transmission and storage of...

ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticat...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Open Redirect

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

ABB Cylon Aspect 4.00.00 (factorySaved.php) Unauthenticated XSS

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BMS/BAS controller suffers from an unauthenticat...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Hidden Features

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

ABB Cylon Aspect 3.08.02 (fileSystemUpdateExecute.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an authenticated OS command...

Epic Games Launcher 7.9.4-4058369 Insecure File Permissions

Summary Epic Games Launcher is a shareware desktop tool that allows you to buy and download games and other products from Epic Games. Through this program, you can get games like Fortnite, Unreal Tournament, Shadow Complex, and Paragon. Also, you can download tools like Unreal Engine and ARK Dev...

Teradek VidiU Pro 3.0.3 CSRF Change Password Exploit

Summary The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web without a PC. Whether you're streaming out of a video switcher or wirelessly from your camera, VidiU allows you to go live when you want, where you want. VidiU offers API level integration...

ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) File Write DoS

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated...

Teradek VidiU Pro 3.0.3 SSRF Vulnerability

Summary The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web without a PC. Whether you're streaming out of a video switcher or wirelessly from your camera, VidiU allows you to go live when you want, where you want. VidiU offers API level integration...

Sint Wind PI v01.26.19 Authentication Bypass

Summary A Meteo Station software for Raspberry PI. Capability include telephone answering, webcams, digital cameras, web. A Sint Wind is a wind condition and other meteo data telephone answering machine. This implementation uses a Raspberry PI with an Huawei 3G dongle. The Sint Wind is compatible...