Skip to main content
CVE-2020-10569 CRITICAL POC Act Now

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload On Premise
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-11967 CRITICAL Act Now

In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-11966 CRITICAL Act Now

In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-11965 CRITICAL Act Now

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-11963 CRITICAL Act Now

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Iqrouter Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy