Security Vulnerabilities - CVEs Published In 2021
An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.
CVSS Score
8.8
EPSS Score
0.078
Published
2021-12-09
An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.
CVSS Score
8.8
EPSS Score
0.078
Published
2021-12-09
An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.
CVSS Score
8.8
EPSS Score
0.078
Published
2021-12-09
An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999.
CVSS Score
8.8
EPSS Score
0.078
Published
2021-12-09
A path traversal attack in the web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102 allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, by sending a specially crafted HTTP packet.
CVSS Score
7.1
EPSS Score
0.014
Published
2021-12-09
An attacker could prematurely expire a verification code, making it unusable by the patient and leaving the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-12-09
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.
CVSS Score
9.8
EPSS Score
0.368
Published
2021-12-09
An improper authorization vulnerability [CWE-285] in FortiClient Windows versions 7.0.0, 6.4.6 and below, and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control by modifying the session-id parameter.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-12-09
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below and version 8.5.5 and below allows an attacker to execute unauthorized code or commands via crafted CLI commands.
CVSS Score
6.7
EPSS Score
0.002
Published
2021-12-09
An incorrect permission assignment for a critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, and version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-12-09

