CVE-2021-20074

Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.

Source: CVE-2021-20074

CVE-2021-20072

Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.

Source: CVE-2021-20072

CVE-2021-20071

Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.

Source: CVE-2021-20071

CVE-2021-20069

Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.

Source: CVE-2021-20069

CVE-2021-20073

Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.

Source: CVE-2021-20073

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

Source: CVE-2021-20066

CVE-2021-20068

Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.

Source: CVE-2021-20068

CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.

Source: CVE-2020-29457

CVE-2020-11635

The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.

Source: CVE-2020-11635

CVE-2021-20067

Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.

Source: CVE-2021-20067