Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2020
CVE-2020-9027
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
CVSS Score
9.8
EPSS Score
0.032
Published
2020-02-17
CVE-2020-9028
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-17
CVE-2020-9029
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
CVE-2020-9030
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
CVE-2020-9031
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
CVE-2020-9032
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
CVE-2020-9033
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-02-17
CVE-2020-9021
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-02-17
CVE-2020-9022
An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved