VYPR
Vendor

Cayin

Products
3
CVEs
4
Across products
4
Status
Private

Products

3

Recent CVEs

4
  • CVE-2020-6954MedJan 13, 2020
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.

  • CVE-2020-6955MedJan 13, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.

  • CVE-2020-7357CriAug 6, 2020
    risk 0.06cvss 9.6epss 0.34

    Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue…

  • CVE-2020-7356CriAug 6, 2020
    risk 0.04cvss 10.0epss 0.14

    CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate…