Skip to main content

Ultralog Express Firmware

3 CVEs product

Monthly

CVE-2020-3936 CRITICAL Act Now

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ultralog Express Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-3921 HIGH This Week

UltraLog Express device management software stores user’s information in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ultralog Express Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-3920 HIGH This Week

UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ultralog Express Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
EPSS 1% CVSS 9.8
CRITICAL Act Now

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ultralog Express Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

UltraLog Express device management software stores user’s information in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ultralog Express Firmware
NVD
EPSS 1% CVSS 8.1
HIGH This Week

UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ultralog Express Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy