Security Vulnerabilities - CVEs Published In January 2025
Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.
CVSS Score
7.4
EPSS Score
0.003
Published
2025-01-10
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack.
CVSS Score
5.9
EPSS Score
0.002
Published
2025-01-10
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.
CVSS Score
8.0
EPSS Score
0.008
Published
2025-01-10
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.
CVSS Score
5.1
EPSS Score
0.007
Published
2025-01-10
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack.
CVSS Score
5.9
EPSS Score
0.003
Published
2025-01-10
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.082
Published
2025-01-10
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.
CVSS Score
6.4
EPSS Score
0.007
Published
2025-01-10
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
CVSS Score
8.3
EPSS Score
0.004
Published
2025-01-10
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
CVSS Score
8.3
EPSS Score
0.004
Published
2025-01-10
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.
CVSS Score
6.4
EPSS Score
0.007
Published
2025-01-10