Skip to main content
CVE-2019-6487 HIGH POC This Week

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Command Injection Tl Wdr5620 Firmware Tl Wdr3500 Firmware +3
NVD GitHub
CVSS 3.0
8.8
EPSS
8.5%
CVE-2019-3906 HIGH This Week

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Premisys Id
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-6488 HIGH This Week

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Glibc
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2019-3908 HIGH This Week

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Premisys Id
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-3907 HIGH This Week

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Premisys Id
NVD
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy