Nascent: Security Vulnerabilities
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.
CVSS Score
9.8
EPSS Score
0.049
Published
2021-08-24
In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-24
The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution.
CVSS Score
9.8
EPSS Score
0.089
Published
2021-08-24