Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38452 | 2023-03-21 | N/A | N/A | ||
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
CVE-2022-36429 | 2023-03-21 | N/A | N/A | ||
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
CVE-2022-3843 | 1 Wago | 2 852-111\/000-001, 852-111\/000-001 Firmware | 2023-02-24 | N/A | 9.1 CRITICAL |
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters. | |||||
CVE-2022-3203 | 1 Oringnet | 4 Iap-420, Iap-420\+, Iap-420\+ Firmware and 1 more | 2022-12-06 | N/A | 9.8 CRITICAL |
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot. | |||||
CVE-2020-16204 | 1 Redlion | 4 N-tron 702-w, N-tron 702-w Firmware, N-tron 702m12-w and 1 more | 2022-10-14 | 10.0 HIGH | 9.8 CRITICAL |
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). | |||||
CVE-2020-12504 | 3 Korenix, Pepperl-fuchs, Westermo | 58 Jetwave 2212g, Jetwave 2212g Firmware, Jetwave 2212s and 55 more | 2022-03-16 | 7.5 HIGH | 9.8 CRITICAL |
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. | |||||
CVE-2021-24867 | 1 Accesspressthemes | 93 Accessbuddy, Accesspress Anonymous Post, Accesspress Basic and 90 more | 2022-03-02 | 7.5 HIGH | 9.8 CRITICAL |
Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion | |||||
CVE-2021-43987 | 1 Myscada | 1 Mypro | 2021-12-29 | 7.5 HIGH | 9.8 CRITICAL |
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. |