Security Vulnerabilities - CVEs Published In April 2022
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.
CVSS Score: 7.5; EPSS Score: 0.922; Published: 2022-04-07
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.
CVSS Score: 9.8; EPSS Score: 0.058; Published: 2022-04-07
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2022-04-07
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2022-04-07
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2022-04-07
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
CVSS Score: 9.1; EPSS Score: 0.005; Published: 2022-04-07
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2022-04-07
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2022-04-07
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2022-04-06
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.
CVSS Score: 8.8; EPSS Score: 0.005; Published: 2022-04-06

