Security Vulnerabilities - CVEs Published In August 2022
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.
CVSS Score
9.8
EPSS Score
0.05
Published
2022-08-10
UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-08-10
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-08-10
An issue was discovered in EyouCMS 1.5.8. There is a stored XSS vulnerability that allows an attacker to execute arbitrary web scripts or HTML by injecting a special payload via the title parameter in the foreground contribution, allowing the attacker to obtain sensitive information.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-08-10
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.
CVSS Score
8.8
EPSS Score
0.049
Published
2022-08-10
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.
CVSS Score
9.8
EPSS Score
0.039
Published
2022-08-10
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.
CVSS Score
9.8
EPSS Score
0.05
Published
2022-08-10
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-08-10
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to a user's account. On successful exploitation, an attacker can view or modify user data, causing limited impact on the confidentiality and integrity of the application.
CVSS Score
9.1
EPSS Score
0.007
Published
2022-08-10
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.799
Published
2022-08-10

