Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2020
CVE-2020-10625
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-09
CVE-2020-10629
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-04-09
CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-04-09
CVE-2020-10551
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.
CVSS Score
7.8
EPSS Score
0.096
Published
2020-04-09
CVE-2020-10621
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-09
CVE-2020-11553
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-04-09
CVE-2020-11554
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-04-09
CVE-2020-11555
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-04-09
CVE-2020-11556
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-09
CVE-2020-11557
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-04-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved