Skip to main content
CVE-2020-10988 CRITICAL POC Act Now

A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Authentication Bypass Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-10987 CRITICAL POC KEV THREAT Act Now

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD
CVSS 3.1
9.8
EPSS
79.7%
CVE-2020-11749 CRITICAL POC THREAT Act Now

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Pandora Fms
NVD Exploit-DB
CVSS 3.1
9.0
EPSS
16.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy