A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
CSRF
Ru21 Firmware
Ru21W Firmware
Rl21 Firmware
+2
NVD
GitHub
Exploit-DB
CVSS 3.1
8.8
EPSS
34.5%
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Information Disclosure
Admidio
NVD
GitHub
CVSS 3.1
7.1
EPSS
1.0%