Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2021
CVE-2021-33218
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
CVSS Score
9.8
EPSS Score
0.013
Published
2021-07-07
CVE-2021-33219
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-07-07
CVE-2021-33220
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-07-07
CVE-2021-33221
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
CVSS Score
9.8
EPSS Score
0.902
Published
2021-07-07
CVE-2021-28931
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-07-07
CVE-2021-31925
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-07-07
CVE-2021-33215
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-07-07
CVE-2021-33216
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
CVSS Score
9.8
EPSS Score
0.176
Published
2021-07-07
CVE-2021-32534
QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-07-07
CVE-2021-32535
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator’s permission and execute arbitrary functions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-07-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved