Skip to main content
CVE-2012-5862 CRITICAL POC THREAT Emergency

These Sinapsi devices store hard-coded passwords in the PHP file of the device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

PHP Authentication Bypass Sinapsi Firmware Esolar Duo Photovoltaic System Monitor Esolar Light Photovoltaic System Monitor +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
18.3%
Threat
4.0
CVE-2012-5864 CRITICAL POC THREAT Emergency

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Authentication Bypass Sinapsi Firmware Esolar Duo Photovoltaic System Monitor Esolar Light Photovoltaic System Monitor Esolar Photovoltaic System Monitor
NVD Exploit-DB
CVSS 2.0
9.4
EPSS
18.3%
CVE-2012-5863 CRITICAL POC Act Now

These Sinapsi devices do not check for special elements in commands sent to the system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Sinapsi Firmware Esolar Duo Photovoltaic System Monitor Esolar Light Photovoltaic System Monitor Esolar Photovoltaic System Monitor
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
9.1%
CVE-2012-5759 CRITICAL Act Now

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Websphere Datapower Xc10 Appliance
NVD
CVSS 2.0
9.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy