Security Vulnerabilities - CVEs Published In February 2020
Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-02-06
Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information.
CVSS Score
5.3
EPSS Score
0.125
Published
2020-02-06
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.045
Published
2020-02-06
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-02-06
A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-02-06
A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code
CVSS Score
8.8
EPSS Score
0.044
Published
2020-02-06
A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-02-06
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.
CVSS Score
4.6
EPSS Score
0.002
Published
2020-02-06
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
CVSS Score
6.2
EPSS Score
0.002
Published
2020-02-06
Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-02-06