Hgiga: Security Vulnerabilities
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-03-27
HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-03-27
HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-03-27
HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to login PowerStation or Secure Shell to achieve remote code execution.
CVSS Score
9.8
EPSS Score
0.033
Published
2023-03-27
HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-03-27
OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.
CVSS Score
8.8
EPSS Score
0.01
Published
2022-08-30
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
CVSS Score
9.8
EPSS Score
0.082
Published
2021-09-15
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
CVSS Score
9.8
EPSS Score
0.082
Published
2021-09-15
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.
CVSS Score
7.0
EPSS Score
0.004
Published
2021-03-18
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-01-19