CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40116
https://notcve.org/view.php?id=CVE-2024-40116
26 Jul 2024 — An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files. An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base. • https://github.com/nepenthe0320/cve_poc/blob/master/Solar-Log%201000%20-%20Unprotected%20Storage%20of%20Credentials • CWE-256: Plaintext Storage of a Password •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40117
https://notcve.org/view.php?id=CVE-2024-40117
26 Jul 2024 — Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Not existing for SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base. • https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2024-40117 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 1CVE-2022-47767
https://notcve.org/view.php?id=CVE-2022-47767
25 Jan 2023 — A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects all Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). Una puerta trasera en los productos Solar-Log Gateway permite el acceso remoto a través de un panel web, obteniendo privilegios de superadministración para el atacante. Esto afecta a todos los dispositivos Solar-Log que utilizan la versión de firmware v4.2.7 hasta v5.1.1 (incluida). A ... • https://www.solar-log.com/en/support/firmware-database-1 • CWE-912: Hidden Functionality •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20025 – Solare Solar-Log Flash Memory privileges management
https://notcve.org/view.php?id=CVE-2017-20025
09 Jun 2022 — A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20024 – Solare Solar-Log denial of service
https://notcve.org/view.php?id=CVE-2017-20024
09 Jun 2022 — A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20023 – Solare Solar-Log Network Config privileges management
https://notcve.org/view.php?id=CVE-2017-20023
09 Jun 2022 — A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20022 – Solare Solar-Log information disclosure
https://notcve.org/view.php?id=CVE-2017-20022
09 Jun 2022 — A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20021 – Solare Solar-Log File Upload privileges management
https://notcve.org/view.php?id=CVE-2017-20021
09 Jun 2022 — A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-269: Improper Privilege Management CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20020 – Solare Solar-Log cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20020
09 Jun 2022 — A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20019 – Solare Solar-Log Config information disclosure
https://notcve.org/view.php?id=CVE-2017-20019
09 Jun 2022 — A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •