
CVSS: 10.0 • EPSS: 93% • CPEs: 2 • EXPL: 2

17 Nov 2022 — SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php. • https://github.com/yilin1203/CVE-2022-40881 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 8 • EXPL: 1

26 Sep 2022 — Contec FXA3200 version 1.13 and under were discovered to contain a hard-coded password hash for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in a few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port, then sniff the traffic or inject any malware. • https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4 • CWE-798: Use of Hard-coded Credentials

CVSS: 8.0 • EPSS: 0% • CPEs: 8 • EXPL: 1

26 Sep 2022 — Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface, which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). • https://gist.github.com/Nwqda/aac33d1936d2b514a3268f145345abb4 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

16 Aug 2022 — The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file. • https://jvn.jp/en/vu/JVNVU93696585 • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 1% • CPEs: 2 • EXPL: 1

21 Jun 2022 — An arbitrary file upload vulnerability (/images/background/1.php) in SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/badboycxcc/SolarView_Compact_6.0_upload • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 7% • CPEs: 2 • EXPL: 1

21 Jun 2022 — SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. • https://github.com/badboycxcc/SolarView_Compact_6.0_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 94% • CPEs: 2 • EXPL: 6

12 May 2022 — SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. SolarView Compact version 6.0 suffers from a command injection vulnerability. SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server. • https://packetstorm.news/files/id/167183 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

12 May 2022 — SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. • https://drive.google.com/file/d/1Bfyk1Nx51HbFGYuDNFKoDxUrloEj-Rzx/view?usp=sharing • CWE-552: Files or Directories Accessible to External Parties

CVSS: 7.5 • EPSS: 93% • CPEs: 2 • EXPL: 4

12 May 2022 — SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. SolarView Compact version 6.00 suffers from a directory traversal vulnerability. • https://packetstorm.news/files/id/167383 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Feb 2021 — Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors. • https://jvn.jp/en/jp/JVN37417423/index.html • CWE-306: Missing Authentication for Critical Function