Skip to main content
CVE-2018-20401 CRITICAL POC Act Now

Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 5352 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20400 CRITICAL POC Act Now

Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dvw2108 Firmware Dvw2110 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20399 CRITICAL POC Act Now

Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sbg901 Firmware Sbg941 Firmware Svg1202 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-20398 CRITICAL POC Act Now

Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cm5100 Firmware Cm5100 440 Firmware Cm5100 511 Firmware Cm5100 Ghd00 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-20397 CRITICAL POC Act Now

mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cbc383Z Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20396 CRITICAL POC Act Now

NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ming2120J Firmware Ming6300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2018-20395 CRITICAL POC Act Now

NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ming6200 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20394 CRITICAL POC Act Now

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dwg849 Firmware Dwg850 4 Firmware Dwg855 Firmware Twg870 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20393 CRITICAL POC Act Now

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cga0111 Firmware Cga0101 Firmware Dpc3928Sl Firmware Tc7110 Ar Firmware +4
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20392 CRITICAL POC Act Now

S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dpc2100 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20391 CRITICAL POC Act Now

TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cbw700N Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20390 CRITICAL POC Act Now

Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0.8 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cg2001 An22A Firmware Cg2001 Udbna Firmware Cg2001 Un2Na Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20389 CRITICAL POC Act Now

D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_1.10 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcm 604 Firmware Dcm 704 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-20388 CRITICAL POC Act Now

Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cm 6200Un Firmware Cm 6300N Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20387 CRITICAL POC Act Now

Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bcw700J Firmware Bcw710J Firmware Bcw710J2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20386 CRITICAL POC Act Now

ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arris Sbg6580 2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2018-20385 CRITICAL POC Act Now

CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cbv38Z4Ec Firmware Cbv38Z4Ecnit Firmware Cbw383G4J Firmware Cbw38G4J Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20384 CRITICAL POC Act Now

iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ib 8120 W21 Firmware Ib 8120 W21E1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20383 CRITICAL POC Act Now

ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arris Dg950A Firmware Dg950S Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2018-20382 CRITICAL POC Act Now

Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bcm93383Wrg Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-20381 CRITICAL POC Act Now

Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dpc2320 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20380 CRITICAL POC Act Now

Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ambit Ddw2600 Firmware Ambit Ddw2602 Firmware Ambit T60C926 Firmware Ambit U10C019 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20377 CRITICAL POC Act Now

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
7.7%
CVE-2018-20371 CRITICAL POC Act Now

PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Photorange Photo Vault
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-20331 HIGH POC This Week

Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Buffer Overflow Denial Of Service Anti Virus Lab Atool
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-20406 HIGH POC PATCH This Week

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Python Debian Linux Fedora
NVD GitHub
CVSS 3.0
7.5
EPSS
5.8%
CVE-2018-20409 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20408 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-20407 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-20369 MEDIUM POC This Month

Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Barracuda Message Archiver
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20376 MEDIUM POC This Month

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tinycc
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-20375 MEDIUM POC This Month

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tinycc
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-20374 MEDIUM POC This Month

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tinycc
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-20373 MEDIUM POC This Month

Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tenda Adsl Firmware
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-20372 MEDIUM POC This Month

TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Td W8961Nd Firmware
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-20368 MEDIUM POC This Month

The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Master Slider
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-20402 HIGH This Week

Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fme Server
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-20379 MEDIUM POC This Month

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Dpc3928Sl Firmware
NVD
CVSS 3.0
4.7
EPSS
0.6%
CVE-2018-20405 LOW POC Monitor

BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass XSS Bigtree
NVD GitHub
CVSS 3.1
2.7
EPSS
0.8%
CVE-2018-20370 MEDIUM PATCH This Month

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Netchat
NVD
CVSS 3.0
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy