CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2024-10121 – wfh45678 Radar Interface authorization
https://notcve.org/view.php?id=CVE-2024-10121
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/weliveby/ForCVE/blob/main/radar%20Authentication%20bypass%20vulnerability.md https://vuldb.com/?ctiid.280913 https://vuldb.com/?id.280913 https://vuldb.com/?submit.420960 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2024-10120 – wfh45678 Radar upload unrestricted upload
https://notcve.org/view.php?id=CVE-2024-10120
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/weliveby/ForCVE/blob/main/radar%20Arbitrary%20file%20upload%20vulnerability.md https://vuldb.com/?ctiid.280912 https://vuldb.com/?id.280912 https://vuldb.com/?submit.420959 • CWE-434: Unrestricted Upload of File with Dangerous Type •