Security Vulnerabilities - CVEs Published In January 2024
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-01-11
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-01-11
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-01-11
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-01-11
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-01-11
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-01-11
A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250237 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-01-11
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.
CVSS Score
7.1
EPSS Score
0.165
Published
2024-01-11
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-01-11
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-01-11