Skip to main content

Nedi

21 CVEs product

Monthly

CVE-2022-40895 CRITICAL POC Act Now

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nedi
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2021-26753 CRITICAL POC Act Now

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Nedi
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2021-26752 HIGH POC This Week

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nedi
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-26751 HIGH POC This Week

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nedi
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-23989 MEDIUM POC This Month

NeDi 1.9C allows pwsec.php oid XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-23868 MEDIUM POC This Month

NeDi 1.9C allows inc/rt-popup.php d XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15035 MEDIUM PATCH This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15034 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15033 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15032 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15031 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15030 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15029 MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15028 MEDIUM This Month

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15037 MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15036 MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-14414 HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP Nedi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-14413 MEDIUM POC This Month

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
3.4%
CVE-2020-14412 HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP Nedi
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2020-15017 MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15016 MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nedi
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL POC Act Now

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Nedi
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Nedi
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Nedi
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

NeDi 1.9C allows pwsec.php oid XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

NeDi 1.9C allows inc/rt-popup.php d XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP +1
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC This Month

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

NeDi 1.9C is vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Command Injection PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

NeDi 1.9C is vulnerable to reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nedi
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy