Security Vulnerabilities - CVEs Published In September 2020
iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2020-09-24
iSmartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-09-24
iSmartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-09-24
iSmartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-09-24
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-09-24
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /index.php.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-09-24
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2020-09-24
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with double-encoded URLs.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2020-09-24
An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)
CVSS Score: 8.8
EPSS Score: 0.125
Published: 2020-09-24
iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-09-24

