Security Vulnerabilities - CVEs Published In April 2021
Cross Site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2021-04-29
MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the listen_http_lan parameter to uhttpd.json is manually fixed.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2021-04-29
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
CVSS Score: 9.8 | EPSS Score: 0.041 | Published: 2021-04-29
SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2021-04-29
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-04-29
The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter.
CVSS Score: 9.8 | EPSS Score: 0.032 | Published: 2021-04-29
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-04-29
samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2021-04-29
samurai 1.2 has a NULL pointer dereference in the printstatus() function in build.c via a crafted build file.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2021-04-29
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with arbitrary credentials.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-04-29

