1103 matches found
OpenBMCS 2.4 Create Admin / Remote Privilege Escalation
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
OpenBMCS 2.4 Unauthenticated SSRF / RFI
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
OpenBMCS 2.4 Secrets Disclosure
Summary Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control
Summary CLOKI is the pre-installed application on our terminals that provides simple to use access control management and attendance monitoring using any browser IE, Chrome, Firefox, etc.. It is suited for anyone looking for a stand-alone Access Control and Attendance Monitoring system where the...
meterN v1.2.3 Authenticated Remote Command Execution Vulnerability
Summary meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters like : electrical, water, gas, fuel consumption, solar, Wind energy production and so on. Sensors such as temperature or humidity are also accepted. The philosophy is: To keep it...
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw
Summary The Annexxus camera 6MP provides 4 simultaneous, independently controlled digital pan-tilt-zoom ePTZ video streams, which may be recorded or viewed live as well as a built-in microphone and speaker allowing two way communication. Description The application doesn't allow creation of more...
Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root (Telnet/SSH)
Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Summary CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a Linux based platform powered by ARM Cortex-A8 800 MHz superscalar processor. Its on-board standard features make the CTM-200 ideal for mobile fleet applications or fixed site office and...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP 10.2.2 Authorization Bypass
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)
Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...
ECOA Building Automation System Cookie Poisoning Authentication Bypass
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Path Traversal Arbitrary File Upload
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Weak Default Credentials
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Authorization Bypass / IDOR
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Local File Disclosure Vulnerability
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Arbitrary File Deletion
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Remote Privilege Escalation
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Missing Encryption Of Sensitive Information
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Hard-coded Credentials SSH Access
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Directory Traversal Content Disclosure
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Cross-Site Request Forgery
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Hidden Backdoor Accounts and backdoor() Function
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
ECOA Building Automation System Configuration Download Information Disclosure
Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...
COMMAX WebViewer ActiveX Control 2.1.4.5 (Commax_WebViewer.ocx) Buffer Overflow
Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a buffer overflow when a user inserts overly long array of string bytes through several functions...
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application suffers from an SQL Injection vulnerability. Input passed through the 'id' POST parameter in 'loginstart.asp' is not properly...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
Summary Biometric access control system. Description The application suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can bypass authentication and disclose sensitive information and circumvent physical controls in smart homes and buildings...
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
Summary COMMAX offers a wide range of proven AHD CCTV systems to meet customer needs and convenience in single or multi-family homes. Description The web control panel uses weak set of default administrative credentials that can be easily guessed in remote password attacks and disclose RTSP strea...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text. COMMAX Smart Home Ruvie...
COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS
Summary Biometric access control system. Description The application is vulnerable to an unauthenticated reflected cross-site scripting XSS vulnerability. Input passed to the Cookies 'CMXADMINNM' and 'CMXCOMPLEXNM' is not properly sanitised before being returned to the user. This can be exploited...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application allows an unauthenticated attacker to change the configuration of the DVR arguments and/or cause denial-of-service scenario throug...
COMMAX UMS Client ActiveX Control 1.7.0.2 (CNC_Ctrl.dll) Heap Buffer Overflow
Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a heap based buffer overflow when a user inserts overly long array of string bytes through several...
Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password
Summary SANYO network camera and network optional board with the latest H.264 compression technology provide the optimum surveillance applications with high quality real time moving image at low bandwidth. Simultaneous stream of H.264 and JPEG data and also COAX video out to provide flexible...
IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration
Summary IntelliChoice is a United States software company that was founded in 2003, and offers a software title called eFORCE Software Suite. eFORCE Software Suite is law enforcement software, and includes features such as case management, court management, crime scene management, criminal...
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Summary Battery Energy Management System. Description The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited t...
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...
KevinLAB BEMS 1.0 Authenticated File Path Traversal Information Disclosure
Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...
KevinLAB BEMS 1.0 Undocumented Backdoor Account
Summary KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS Building Energy Management System enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of...
Ricon Industrial Cellular Router S9922XL Remote Command Execution
Summary S9922L series LTE router is designed and manufactured by Ricon Mobile Inc., it based on 3G/LTE cellular network technology with industrial class quality. With its embedded cellular module, it widely used in multiple case like ATM connection, remote office security connection, data...
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation
Summary Easy Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games through the use of hybrid anti–cheat mechanisms. Description The application suffers from an unquoted search path issue impacting the service 'EasyAntiCheat' for Windows...
Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun
Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The game suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the...
Epic Games Psyonix Rocket League <=1.95 Insecure Permissions
Summary Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition. Description The application suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user tha...
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit
Summary Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide rich telephony services. It offers a wide range of features e.g. call forwarding, voicemail, conferencing etc. that can be...
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit
Summary EONU-x GEPON ONU layer-3 home gateway/CPE broadband router. Description The application suffers from a privilege escalation vulnerability. The limited administrative user admin:admin can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the...
SOYAL Biometric Access Control System 5.0 CSRF Change Admin Password
Summary Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings. Description The application interface allows users to perform certain actions via HTTP reques...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Privilege Escalation
Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Factory Reset
Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...