Skip to main content
CVE-2017-16523 CRITICAL POC Act Now

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpt 2541Gnac Firmware Dsl 100Hn T1 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.9%
CVE-2017-1000154 CRITICAL POC Act Now

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mahara
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2017-1000153 CRITICAL POC Act Now

Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-1000152 CRITICAL PATCH Act Now

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Mahara
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-1000171 CRITICAL Act Now

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mahara Mobile
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy