Skip to main content
CVE-2020-7233 CRITICAL POC Act Now

KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bac A1616Bc Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-7232 HIGH POC This Week

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Home
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-7236 MEDIUM POC This Month

UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uhp 100 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7235 MEDIUM POC This Month

UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uhp 100 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-7231 MEDIUM POC This Month

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Home
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-7234 MEDIUM POC This Month

Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS R310 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy