Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2020
CVE-2020-35778
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-12-30
CVE-2020-35779
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-12-30
CVE-2020-10207
Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.
CVSS Score
9.8
EPSS Score
0.04
Published
2020-12-29
CVE-2020-10210
Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-12-29
CVE-2020-10148
Known exploited
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
CVSS Score
9.8
EPSS Score
0.943
Published
2020-12-29
CVE-2020-16268
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-12-29
CVE-2020-27643
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-12-29
CVE-2020-27644
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-12-29
CVE-2020-27645
The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-12-29
CVE-2020-35735
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
CVSS Score
4.7
EPSS Score
0.002
Published
2020-12-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved