Filtered by vendor Ave
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-21996 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. | |||||
CVE-2020-21994 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | |||||
CVE-2020-21991 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2021-05-19 | 7.5 HIGH | 9.8 CRITICAL |
AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials. |