Skip to main content
CVE-2020-14473 CRITICAL POC Act Now

Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Vigor300b Firmware Vigor2960 Firmware Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-14472 CRITICAL POC Act Now

On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-13484 CRITICAL POC Act Now

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Bitrix24
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-10272 CRITICAL POC Act Now

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-10271 CRITICAL POC Act Now

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-10270 CRITICAL POC Act Now

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-11960 CRITICAL Act Now

Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xiaomi R3600 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-10561 CRITICAL Act Now

An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mijia Inkjet Printer Firmware
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-14095 CRITICAL Act Now

In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Xiaomi R3600 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-14094 CRITICAL Act Now

In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Xiaomi R3600 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-15007 CRITICAL PATCH Act Now

A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Tech 1 Doom Vanille
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-10279 CRITICAL Act Now

MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Privilege Escalation Mir100 Firmware Mir200 Firmware +8
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-10276 CRITICAL Act Now

The password for the safety PLC is the default and thus easy to find (in manuals, etc.). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-10275 CRITICAL Act Now

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-10269 CRITICAL Act Now

One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mir100 Firmware Mir200 Firmware Mir250 Firmware Mir500 Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy