Contec: Security Vulnerabilities
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).
CVSS Score: 8.0 | EPSS Score: 0.005 | Published: 2022-09-26
Contec FXA3200 version 1.13 and under were discovered to contain a hard-coded password hash for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in a few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port, then sniff the traffic or inject any malware.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-09-26
The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2022-08-16
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
CVSS Score: 6.1 | EPSS Score: 0.08 | Published: 2022-06-21
An arbitrary file upload vulnerability in /images/background/1.php of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score: 9.8 | EPSS Score: 0.014 | Published: 2022-06-21
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.
CVSS Score: 7.5 | EPSS Score: 0.823 | Published: 2022-05-12
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-05-12
CVE-2022-29303
Known exploited
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
CVSS Score: 9.8 | EPSS Score: 0.944 | Published: 2022-05-12
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2021-02-24
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
CVSS Score: 8.1 | EPSS Score: 0.012 | Published: 2021-02-24

