|
212181
|
6.8 |
MEDIUM
Physics
|
niscomed
|
m1000_multipara_patient_monitor_firmware
|
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15483
|
2024-11-21 14:05 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212182
|
7.8 |
HIGH
Local
|
niscomed
|
m1000_multipara_patient_monitor_firmware
|
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker …
|
CWE-287
CWE-319
Improper Authentication
Cleartext Transmission of Sensitive Information
|
CVE-2020-15482
|
2024-11-21 14:05 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212183
|
7.5 |
HIGH
Network
|
niscomed
|
m1000_multipara_patient_monitor_firmware
|
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-15484
|
2024-11-21 14:05 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212184
|
6.1 |
MEDIUM
Network
|
asus
|
rt-ac1900p_firmware
|
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-15499
|
2024-11-21 14:05 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212185
|
5.9 |
MEDIUM
Network
|
asus
|
rt-ac1900p_firmware
|
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-15498
|
2024-11-21 14:05 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212186
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability,…
|
-
|
CVE-2020-15645
|
2024-11-21 14:05 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212187
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability,…
|
-
|
CVE-2020-15644
|
2024-11-21 14:05 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212188
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability,…
|
-
|
CVE-2020-15643
|
2024-11-21 14:05 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212189
|
8.8 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit th…
|
CWE-78
OS Command
|
CVE-2020-15642
|
2024-11-21 14:05 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212190
|
7.5 |
HIGH
Network
|
marvell
|
qconvergeconsole
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerabili…
|
-
|
CVE-2020-15641
|
2024-11-21 14:05 |
2020-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
