CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 1CVE-2022-47767
https://notcve.org/view.php?id=CVE-2022-47767
25 Jan 2023 — A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects all Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). Una puerta trasera en los productos Solar-Log Gateway permite el acceso remoto a través de un panel web, obteniendo privilegios de superadministración para el atacante. Esto afecta a todos los dispositivos Solar-Log que utilizan la versión de firmware v4.2.7 hasta v5.1.1 (incluida). A ... • https://www.solar-log.com/en/support/firmware-database-1 • CWE-912: Hidden Functionality •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20025 – Solare Solar-Log Flash Memory privileges management
https://notcve.org/view.php?id=CVE-2017-20025
09 Jun 2022 — A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20024 – Solare Solar-Log denial of service
https://notcve.org/view.php?id=CVE-2017-20024
09 Jun 2022 — A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20023 – Solare Solar-Log Network Config privileges management
https://notcve.org/view.php?id=CVE-2017-20023
09 Jun 2022 — A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20022 – Solare Solar-Log information disclosure
https://notcve.org/view.php?id=CVE-2017-20022
09 Jun 2022 — A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20021 – Solare Solar-Log File Upload privileges management
https://notcve.org/view.php?id=CVE-2017-20021
09 Jun 2022 — A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-269: Improper Privilege Management CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20020 – Solare Solar-Log cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20020
09 Jun 2022 — A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2017-20019 – Solare Solar-Log Config information disclosure
https://notcve.org/view.php?id=CVE-2017-20019
09 Jun 2022 — A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. • http://seclists.org/fulldisclosure/2017/Mar/58 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-34544
https://notcve.org/view.php?id=CVE-2021-34544
07 Dec 2021 — An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Se ha detectado un problema en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 23.04.2013. En /export.html, email.html y sms.html se almacenan contraseñas en texto sin cifrar. • https://drive.google.com/file/d/1N8Ch1UGNcoocUaPhOe_1mAECOe5kr4pt/view?usp=sharing • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 2CVE-2021-34543
https://notcve.org/view.php?id=CVE-2021-34543
07 Dec 2021 — The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. El servidor de administración web en Solar-Log 500 versiones anteriores a 2.8.2 Build 52 no requiere autenticación, lo que permite a atacantes remotos conseguir privilegios administrativos al conectarse al servidor. Como resultado... • https://drive.google.com/file/d/1z1TaANlDyX4SOP2vjNzkPQI3nETL9kZM/view?usp=sharing • CWE-306: Missing Authentication for Critical Function •