Security Vulnerabilities - CVEs Published In April 2017
CloudView NMS before 2.10a has XSS via a TELNET login.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-04-10
CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-04-10
Netikus EventSentry before 3.2.1.44 has XSS via SNMP.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-04-10
Paessler PRTG before 16.2.24.4045 has XSS via SNMP.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-04-10
Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-04-10
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-04-10
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-04-10
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
CVSS Score
9.8
EPSS Score
0.01
Published
2017-04-10
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-04-10
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-04-10