Skip to main content
CVE-2017-16926 CRITICAL POC Act Now

Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ohcount
NVD
CVSS 3.0
9.8
EPSS
6.4%
CVE-2017-2738 CRITICAL Act Now

VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Vcm5010 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-8861 CRITICAL Act Now

Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3960Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2017-13071 CRITICAL Act Now

QNAP has already patched this vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-8864 CRITICAL Act Now

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE 3960Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-8862 CRITICAL Act Now

The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload 3960Hd Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-8122 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-8129 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8128 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8126 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8124 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8123 CRITICAL Act Now

The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8120 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8119 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8117 CRITICAL Act Now

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uma
NVD
CVSS 3.0
9.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy