
CVE-2020-6960
https://notcve.org/view.php?id=CVE-2020-6960
22 Jan 2020 — The following versions of MAXPRO VMS and NVR, MAXPRO VMS: HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to ... • https://www.us-cert.gov/ics/advisories/icsa-20-021-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2020-6959
https://notcve.org/view.php?id=CVE-2020-6959
22 Jan 2020 — The following versions of MAXPRO VMS and NVR, MAXPRO VMS: HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely m... • https://www.us-cert.gov/ics/advisories/icsa-20-021-01 • CWE-502: Deserialization of Untrusted Data •

CVE-2017-14263
https://notcve.org/view.php?id=CVE-2017-14263
11 Sep 2017 — Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can log in to the device with that new user account to fully control the device. • https://github.com/zzz66686/CVE-2017-14263 • CWE-384: Session Fixation •