Security Vulnerabilities - CVEs Published In June 2020
The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime. This is similar to CVE-2019-1653.
CVSS Score
5.3
EPSS Score
0.024
Published
2020-06-29
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
CVSS Score
5.9
EPSS Score
0.008
Published
2020-06-29
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
CVSS Score
5.9
EPSS Score
0.017
Published
2020-06-29
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)
CVSS Score
8.8
EPSS Score
0.038
Published
2020-06-29
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
CVSS Score
6.1
EPSS Score
0.157
Published
2020-06-29
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)
CVSS Score
8.8
EPSS Score
0.038
Published
2020-06-29
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-06-29
An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-06-29
An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-06-29
An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-29