Security Vulnerabilities - CVEs Published In March 2021
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1).
CVSS Score
7.8
EPSS Score
0.0
Published
2021-03-25
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
CVSS Score
7.8
EPSS Score
0.0
Published
2021-03-25
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).
CVSS Score
7.8
EPSS Score
0.0
Published
2021-03-25
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-03-25
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-03-25
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-03-25
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-03-25
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
CVSS Score
8.8
EPSS Score
0.032
Published
2021-03-25
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-03-25
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-03-25