Security Vulnerabilities - CVEs Published In October 2020
CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work.
CVSS Score
8.1
EPSS Score
0.001
Published
2020-10-02
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
CVSS Score
9.8
EPSS Score
0.917
Published
2020-10-02
A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.
CVSS Score
9.8
EPSS Score
0.059
Published
2020-10-02
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-10-02
An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
CVSS Score
7.5
EPSS Score
0.197
Published
2020-10-02
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-10-02
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
CVSS Score
7.5
EPSS Score
0.317
Published
2020-10-02
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-10-02
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050, and 0x80102054).
CVSS Score
7.8
EPSS Score
0.113
Published
2020-10-02
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-10-02

