Skip to main content

M Dge Firmware

9 CVEs product

Monthly

CVE-2021-20075 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation M Dge Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-20074 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection M Dge Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-20073 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF M Dge Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-20072 HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal M Dge Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-20071 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20070 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20069 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20068 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Dge Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20067 MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Dge Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
EPSS 0% CVSS 7.8
HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation M Dge Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection M Dge Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF M Dge Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal M Dge Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS M Dge Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Dge Firmware
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Dge Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy