|
210761
|
6.5 |
MEDIUM
Network
|
nightowlsp
|
smart_doorbell_firmware
|
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-28713
|
2024-11-21 14:23 |
2021-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210762
|
7.5 |
HIGH
Network
|
dlink
|
dir-895l_mfc_firmware
|
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmw…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-29324
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210763
|
7.5 |
HIGH
Network
|
dlink
|
dir-885l-mfc_firmware
|
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to…
|
CWE-798
CWE-522
Use of Hard-coded Credentials
Insufficiently Protected Credentials
|
CVE-2020-29323
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210764
|
7.5 |
HIGH
Network
|
dlink
|
dir-880l_firmware
|
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and…
|
CWE-798
CWE-522
Use of Hard-coded Credentials
Insufficiently Protected Credentials
|
CVE-2020-29322
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210765
|
7.5 |
HIGH
Network
|
dlink
|
dir-868l_firmware
|
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and…
|
CWE-798
CWE-522
Use of Hard-coded Credentials
Insufficiently Protected Credentials
|
CVE-2020-29321
|
2024-11-21 14:23 |
2021-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210766
|
6.5 |
MEDIUM
Network
|
nagios
|
fusion
|
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-28911
|
2024-11-21 14:23 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210767
|
9.8 |
CRITICAL
Network
|
nagios
|
nagios_xi
|
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28910
|
2024-11-21 14:23 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210768
|
8.8 |
HIGH
Network
|
nagios
|
fusion
|
Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed b…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-28909
|
2024-11-21 14:23 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210769
|
9.8 |
CRITICAL
Network
|
nagios
|
fusion
|
Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.
|
CWE-77
Command Injection
|
CVE-2020-28908
|
2024-11-21 14:23 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210770
|
9.8 |
CRITICAL
Network
|
nagios
|
fusion
|
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-28907
|
2024-11-21 14:23 |
2021-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
