Cashdro 3 Administration Panel vulnerabilities
2 known vulnerabilities affecting cashdro/cashdro_3_administration_panel.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-8076P2CRITICALCVSS 9.3v24.01.00.262026-05-08
CVE-2026-8076 [CRITICAL] CWE-1391 CVE-2026-8076: Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This could allow an attacker to easily perform a brute-force at
nvd
CVE-2026-8077P3HIGHCVSS 8.6v24.01.00.262026-05-08
CVE-2026-8077 [HIGH] CWE-862 CVE-2026-8077: Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01
Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escalate privileges and gain full administrative access. This vu
nvd