Skip to main content
CVE-2020-15362 CRITICAL POC Act Now

wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wifiscanner
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-15324 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloud Cnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15323 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15322 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15321 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-15320 CRITICAL POC Act Now

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Authentication Bypass Cloudcnm Secumanager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-2021 CRITICAL KEV THREAT Act Now

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Paloalto Pan Os
NVD
CVSS 3.1
10.0
EPSS
4.4%
CVE-2020-15069 CRITICAL KEV THREAT Act Now

Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sophos Xg Firewall Firmware
NVD
CVSS 3.1
9.8
EPSS
10.7%
CVE-2020-14072 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-14070 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-14068 CRITICAL Act Now

An issue was discovered in MK-AUTH 19.01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Mk Auth
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-12047 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12045 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12043 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-12040 CRITICAL Act Now

Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-12016 CRITICAL Act Now

Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-12041 CRITICAL Act Now

The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sigma Spectrum Infusion System Firmware
NVD
CVSS 3.1
9.4
EPSS
1.4%
CVE-2020-12032 CRITICAL Act Now

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Em2400 Firmware Em1200 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy