RSS   Vulnerabilities for 'XEVO'   RSS

2021-07-07
 
CVE-2021-32519

CWE-916
 

 
Use of password hash with insufficient computational effort vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to recover the plain-text password by brute-forcing the MD5 hash.

 
 
CVE-2021-32521

CWE-798
 

 
Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges.

 
 
CVE-2021-32522

CWE-307
 

 
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users�?? credentials and obtain access via a brute force attack.

 
 
CVE-2021-32529

CWE-77
 

 
Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands.

 
 
CVE-2021-32530

CWE-78
 

 
OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter.

 
 
CVE-2021-32531

CWE-78
 

 
OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions.

 
 
CVE-2021-32532

CWE-22
 

 
Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions.

 

 >>> Vendor: QSAN 3 Products
Storage manager
Sanos
XEVO


Copyright 2024, cxsecurity.com

 

Back to Top