Total
801 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25008 | 1 Totolink | 4 Ex1200t, Ex1200t Firmware, Ex300 V2 and 1 more | 2022-04-05 | 5.8 MEDIUM | 8.8 HIGH |
| totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. | |||||
| CVE-2021-46009 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-04-05 | 10.0 HIGH | 9.8 CRITICAL |
| In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. | |||||
| CVE-2021-46006 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication. | |||||
| CVE-2020-15851 | 1 Nakivo | 1 Backup \& Replication Transporter | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories. | |||||
| CVE-2019-19799 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-03-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | |||||
| CVE-2022-25251 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. | |||||
| CVE-2022-25250 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
| When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. | |||||
| CVE-2022-25247 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 10.0 HIGH | 9.8 CRITICAL |
| Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. | |||||
| CVE-2021-44260 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. | |||||
| CVE-2021-44259 | 1 Wavlink | 2 Wl-wn531g3, Wl-wn531g3 Firmware | 2022-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. | |||||
| CVE-2021-44262 | 1 Netgear | 6 Mbr1517, Mbr1517 Firmware, Wac104 and 3 more | 2022-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | |||||
| CVE-2021-44261 | 1 Netgear | 10 R6220, R6220 Firmware, R6900 and 7 more | 2022-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | |||||
| CVE-2022-25922 | 1 Hegemonelectronics | 2 Plc4trucks, Plc4trucks Firmware | 2022-03-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions. | |||||
| CVE-2021-33658 | 1 Huawei | 2 Atune, Openeuler | 2022-03-18 | 4.6 MEDIUM | 7.8 HIGH |
| atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. | |||||
| CVE-2019-18311 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2022-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-18284 | 1 Siemens | 1 Sppa-t3000 Application Server | 2022-03-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change user passwords. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2020-10640 | 1 Emerson | 1 Openenterprise Scada Server | 2022-03-04 | 10.0 HIGH | 9.8 CRITICAL |
| Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service. | |||||
| CVE-2022-24111 | 1 Mahara | 1 Mahara | 2022-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known. | |||||
| CVE-2021-22823 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | |||||
| CVE-2021-22805 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2022-02-18 | 5.0 MEDIUM | 9.1 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | |||||