Skip to main content

Wiser Smart Eer21001 Firmware

6 CVEs product

Monthly

CVE-2022-30238 HIGH This Week

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-30237 HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-30236 HIGH This Week

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2022-30235 CRITICAL Act Now

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-30234 CRITICAL Act Now

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-30233 MEDIUM This Month

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
EPSS 1% CVSS 8.8
HIGH This Week

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
EPSS 1% CVSS 8.2
HIGH This Week

A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Wiser Smart Eer21000 Firmware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wiser Smart Eer21000 Firmware Wiser Smart Eer21001 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy