» 2021 » 3월

CVE-2020-25218

Posted on 2021년 3월 30일2021년 3월 30일 by admin

CVE-2020-25218

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication Bypass in its administrative web interface.

Source: CVE-2020-25218

CVE-2020-25217

Posted on 2021년 3월 30일2021년 3월 30일 by admin

CVE-2020-25217

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.

Source: CVE-2020-25217

CVE-2021-21727

Posted on 2021년 3월 30일2021년 3월 30일 by admin

CVE-2021-21727

A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects:<ZXHN F623><All versions up to V6.0.0P3T33>

Source: CVE-2021-21727

CVE-2021-29267

Posted on 2021년 3월 30일2021년 3월 30일 by admin

CVE-2021-29267

Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.

Source: CVE-2021-29267

CVE-2021-27352

Posted on 2021년 3월 30일2021년 3월 30일 by admin

CVE-2021-27352

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker’s site after a successful login.

Source: CVE-2021-27352

CVE-2019-5317

Posted on 2021년 3월 30일2021년 3월 30일 by admin

CVE-2019-5317

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Source: CVE-2019-5317

CVE-2020-7850

Posted on 2021년 3월 30일2021년 3월 30일 by admin

CVE-2020-7850

NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.

Source: CVE-2020-7850

CVE-2021-23358

Posted on 2021년 3월 29일2021년 3월 30일 by admin

CVE-2021-23358

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Source: CVE-2021-23358

CVE-2021-28937

Posted on 2021년 3월 29일2021년 3월 29일 by admin

CVE-2021-28937

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP.

Source: CVE-2021-28937

CVE-2021-28936

Posted on 2021년 3월 29일2021년 3월 29일 by admin

CVE-2021-28936

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.

Source: CVE-2021-28936