Cayin
Products (3)
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs (4)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6954 | | Med | 0.42 | 6.5 | 0.01 | | Jan 13, 2020 | An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI. |
| CVE-2020-6955 | | Med | 0.40 | 6.1 | 0.01 | | Jan 13, 2020 | An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS. |
| CVE-2020-7357 | | Cri | 0.06 | 9.6 | 0.34 | | Aug 6, 2020 | Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue… |
| CVE-2020-7356 | | Cri | 0.04 | 10.0 | 0.14 | | Aug 6, 2020 | CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate… |