9.3
CVE-2019-25291 - INIM Electronics Smartliving SmartLAN/G/SI <=6.x Hard-coded Credentials Vulnerability
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving deviβ¦
6.9
CVE-2019-25290 - INIM Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF via GetImage
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through aβ¦
8.7
CVE-2019-25289 - INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root pβ¦
5.1
CVE-2019-25282 - V-SOL GPON/EPON OLT Platform V2.03.62R_IPv6 v2.03 Open Redirect via bindProfile.html
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect meβ¦
6.8
CVE-2019-25279 - FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without addiβ¦
9.1
CVE-2019-25278 - FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.
8.6
CVE-2019-25268 - NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB β¦
5.1
CVE-2019-25259 - Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that subβ¦
8.5
CVE-2019-25231 - devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to β¦
9.3
CVE-2017-20216 - FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() functiβ¦