CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 2CVE-2021-34544
https://notcve.org/view.php?id=CVE-2021-34544
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Se ha detectado un problema en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 23.04.2013. En /export.html, email.html y sms.html se almacenan contraseñas en texto sin cifrar. • https://drive.google.com/file/d/1N8Ch1UGNcoocUaPhOe_1mAECOe5kr4pt/view?usp=sharing https://www.exploit-db.com/exploits/49987 https://www.solar-log.com/en/support/firmware • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 4%CPEs: 3EXPL: 2CVE-2021-34543
https://notcve.org/view.php?id=CVE-2021-34543
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. El servidor de administración web en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 no requiere autenticación, lo que permite a atacantes remotos conseguir privilegios administrativos al conectarse al servidor. Como resultado, el atacante puede modificar los archivos de configuración y cambiar el estado del sistema The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. • https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing https://www.exploit-db.com/exploits/49986 https://www.solar-log.com/en/support/firmware • CWE-306: Missing Authentication for Critical Function •