CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20021 – Solare Solar-Log File Upload privileges management
https://notcve.org/view.php?id=CVE-2017-20021
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 https://vuldb.com/?id.98931 • CWE-269: Improper Privilege Management CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20020 – Solare Solar-Log cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20020
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 https://vuldb.com/?id.98930 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20019 – Solare Solar-Log Config information disclosure
https://notcve.org/view.php?id=CVE-2017-20019
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 https://vuldb.com/?id.98929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 2CVE-2021-34544
https://notcve.org/view.php?id=CVE-2021-34544
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Se ha detectado un problema en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 23.04.2013. En /export.html, email.html y sms.html se almacenan contraseñas en texto sin cifrar. • https://drive.google.com/file/d/1N8Ch1UGNcoocUaPhOe_1mAECOe5kr4pt/view?usp=sharing https://www.exploit-db.com/exploits/49987 https://www.solar-log.com/en/support/firmware • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 2CVE-2021-34543
https://notcve.org/view.php?id=CVE-2021-34543
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. El servidor de administración web en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 no requiere autenticación, lo que permite a atacantes remotos conseguir privilegios administrativos al conectarse al servidor. Como resultado, el atacante puede modificar los archivos de configuración y cambiar el estado del sistema The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. • https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing https://www.exploit-db.com/exploits/49986 https://www.solar-log.com/en/support/firmware • CWE-306: Missing Authentication for Critical Function •