RSS   Vulnerabilities for 'Sanos'   RSS

2021-07-07
 
CVE-2021-32519

CWE-916
 

 
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.

 
 
CVE-2021-32521

CWE-798
 

 
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges.

 
 
CVE-2021-32522

CWE-307
 

 
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users�?? credentials and obtain access via a brute force attack.

 
 
CVE-2021-32529

CWE-77
 

 
Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands.

 
 
CVE-2021-32533

CWE-78
 

 
The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.

 
 
CVE-2021-32534

CWE-78
 

 
QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions.

 
 
CVE-2021-32535

CWE-798
 

 
The vulnerability of hard-coded default credentials in QSAN SANOS allows unauthenticated remote attackers to obtain administrator�??s permission and execute arbitrary functions.

 

 >>> Vendor: QSAN 3 Products
Storage manager
Sanos
XEVO


Copyright 2024, cxsecurity.com

 

Back to Top