CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 1CVE-2022-47767
https://notcve.org/view.php?id=CVE-2022-47767
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects all Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). Una puerta trasera en los productos Solar-Log Gateway permite el acceso remoto a través de un panel web, obteniendo privilegios de superadministración para el atacante. Esto afecta a todos los dispositivos Solar-Log que utilizan la versión de firmware v4.2.7 hasta v5.1.1 (incluida). A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. • https://www.solar-log.com/en/support/firmware-database-1 https://www.swascan.com/security-advisory-solar-log •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 2CVE-2021-34544
https://notcve.org/view.php?id=CVE-2021-34544
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Se ha detectado un problema en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 23.04.2013. En /export.html, email.html y sms.html se almacenan contraseñas en texto sin cifrar. • https://drive.google.com/file/d/1N8Ch1UGNcoocUaPhOe_1mAECOe5kr4pt/view?usp=sharing https://www.exploit-db.com/exploits/49987 https://www.solar-log.com/en/support/firmware • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 2CVE-2021-34543
https://notcve.org/view.php?id=CVE-2021-34543
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. El servidor de administración web en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 no requiere autenticación, lo que permite a atacantes remotos conseguir privilegios administrativos al conectarse al servidor. Como resultado, el atacante puede modificar los archivos de configuración y cambiar el estado del sistema The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. • https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing https://www.exploit-db.com/exploits/49986 https://www.solar-log.com/en/support/firmware • CWE-306: Missing Authentication for Critical Function •