Sinapsitech: Security Vulnerabilities
These Sinapsi devices do not check the validity of the data before
executing queries. By accessing the SQL table of certain pages that do
not require authentication within the device, attackers can leak
information from the device. This could allow the attacker to compromise
confidentiality.
CVSS Score
7.8
EPSS Score
0.071
Published
2012-11-23
These Sinapsi devices
store hard-coded passwords in the PHP file of the device. By using the
hard-coded passwords in the device, attackers can log into the device
with administrative privileges. This could allow the attacker to have
unauthorized access.
CVSS Score
10.0
EPSS Score
0.195
Published
2012-11-23
These Sinapsi devices do not check for special elements in commands sent
to the system. By accessing certain pages with administrative privileges
that do not require authentication within the device, attackers can
execute arbitrary, unexpected, or dangerous commands directly onto the
operating system.
CVSS Score
10.0
EPSS Score
0.108
Published
2012-11-23
These Sinapsi devices
do not check if users that visit pages within the device have properly
authenticated. By directly visiting the pages within the device,
attackers can gain unauthorized access with administrative privileges.
CVSS Score
9.4
EPSS Score
0.154
Published
2012-11-23