Skip to main content
CVE-2020-6880 CRITICAL Act Now

A ZXELINK wireless controller has a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zxv10 W908 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-28971 CRITICAL PATCH Act Now

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass My Cloud Os 5
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-28970 CRITICAL PATCH Act Now

An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass PHP My Cloud Os 5
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-28940 CRITICAL PATCH Act Now

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass My Cloud Os 5
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-7548 CRITICAL PATCH Act Now

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Acti9 Smartlink Si D Firmware Acti9 Smartlink Si B Firmware Acti9 Powertag Link Firmware Acti9 Powertag Link Hd Firmware +3
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-7533 CRITICAL Act Now

commands on the webserver without authentication when sending specially crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Modicon M340 Bmxp3420302 Firmware Modicon M340 Bmxp342000 Firmware Modicon M340 Bmxp341000 Firmware Modicon M340 Bmxp3420102 Firmware +12
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-26762 CRITICAL Act Now

A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ic 3116W Firmware Ic 3140W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy