Skip to main content
CVE-2020-29583 CRITICAL POC KEV THREAT Act Now

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zyxel Information Disclosure Usg20 Vpn Firmware Usg20W Vpn Firmware Usg40 Firmware +27
NVD
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-28448 CRITICAL POC PATCH Act Now

This affects the package multi-ini before 2.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Multi Ini
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-25066 CRITICAL Act Now

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Tcp Ip
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-24683 CRITICAL Act Now

The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-24679 CRITICAL Act Now

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-24675 CRITICAL Act Now

In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-24673 CRITICAL Act Now

In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Symphony Historian Symphony Operations
NVD
CVSS 3.1
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy