Security Vulnerabilities - CVEs Published In August 2021
Directory Indexing in Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows an attacker to access the /add/, /img/, /js/, and /mobile directories via GET parameter.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2021-08-20
Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-08-20
Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-08-20
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.
CVSS Score: 6.1 | EPSS Score: 0.018 | Published: 2021-08-20
In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without the client verifying the server's signature, if that signature is not included in the server's ServerKeyExchange.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2021-08-20
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2021-08-20
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-08-20
Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2021-08-20
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
CVSS Score: 9.8 | EPSS Score: 0.094 | Published: 2021-08-20
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.
CVSS Score: 7.2 | EPSS Score: 0.017 | Published: 2021-08-20

