Sinapsi Esolar vulnerabilities
4 known vulnerabilities affecting sinapsi/esolar.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1
Vulnerabilities
Page 1 of 1
CVE-2012-5863P2CRITICALCVSS 10.0PoCfixed in 2.0.2870_xxx_2.2.122012-11-23
CVE-2012-5863 [CRITICAL] CWE-78 CVE-2012-5863: These Sinapsi devices do not check for special elements in commands sent to the system. By accessin
These Sinapsi devices do not check for special elements in commands sent
to the system. By accessing certain pages with administrative privileges
that do not require authentication within the device, attackers can
execute arbitrary, unexpected, or dangerous commands directly onto the
operating system.
nvd
CVE-2012-5862P2CRITICALCVSS 10.0PoCfixed in 2.0.2870_xxx_2.2.122012-11-23
CVE-2012-5862 [CRITICAL] CWE-259 CVE-2012-5862: These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-c
These Sinapsi devices
store hard-coded passwords in the PHP file of the device. By using the
hard-coded passwords in the device, attackers can log into the device
with administrative privileges. This could allow the attacker to have
unauthorized access.
nvd
CVE-2012-5864P2CRITICALCVSS 10.0PoCfixed in 2.0.2870_xxx_2.2.122012-11-23
CVE-2012-5864 [CRITICAL] CWE-287 CVE-2012-5864: These Sinapsi devices do not check if users that visit pages within the device have properly authe
These Sinapsi devices
do not check if users that visit pages within the device have properly
authenticated. By directly visiting the pages within the device,
attackers can gain unauthorized access with administrative privileges.
nvd
CVE-2012-5861P3HIGHCVSS 7.5PoCfixed in 2.0.2870_xxx_2.2.122012-11-23
CVE-2012-5861 [HIGH] CWE-89 CVE-2012-5861: These Sinapsi devices do not check the validity of the data before executing queries. By accessing
These Sinapsi devices do not check the validity of the data before
executing queries. By accessing the SQL table of certain pages that do
not require authentication within the device, attackers can leak
information from the device. This could allow the attacker to compromise
confidentiality.
nvd