Skip to main content
CVE-2021-28937 HIGH POC This Week

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireless N Wifi Repeater Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.3%
CVE-2021-28936 HIGH POC This Week

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wireless N Wifi Repeater Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-23358 HIGH POC PATCH This Week

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Underscore Debian Linux Tenable Sc +1
NVD GitHub
CVSS 3.1
7.2
EPSS
4.1%
CVE-2021-27273 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear RCE Command Injection Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
65.0%
CVE-2021-27243 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-27242 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-27239 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE D6220 Firmware +34
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-25144 HIGH PATCH This Week

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-27275 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Path Traversal Prosafe Network Management System
NVD
CVSS 3.1
8.3
EPSS
73.3%
CVE-2021-27245 HIGH This Week

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Authentication Bypass Archer A7 Firmware
NVD
CVSS 3.1
8.1
EPSS
3.2%
CVE-2021-27240 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Patch Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28669 HIGH PATCH This Week

Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Altalink B8045 Firmware Altalink B8055 Firmware Altalink B8065 Firmware Altalink B8075 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-25143 HIGH PATCH This Week

A remote denial of service (dos) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Aruba Instant Scalance W1750D Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-21727 HIGH This Week

A ZTE product has a DoS vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Denial Of Service Zxhn F623 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-27276 HIGH This Week

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Path Traversal Prosafe Network Management System
NVD
CVSS 3.1
7.1
EPSS
72.5%
CVE-2021-27272 HIGH This Week

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Path Traversal Prosafe Network Management System
NVD
CVSS 3.1
7.1
EPSS
73.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy