UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.
8.1CVSS
8.1AI Score
0.001EPSS
UltraLog Express device management software stores userβs information in cleartext. Any user can obtain accounts information through a specific page.
8.6CVSS
7.7AI Score
0.002EPSS
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
10CVSS
9.7AI Score
0.002EPSS