RSS   Vulnerabilities for 'Remkon device manager'   RSS

2021-08-24
 
CVE-2021-38611

CWE-77
 

 
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php.

 
 
CVE-2021-38612

CWE-22
 

 
In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL.

 

 >>> Vendor: Nascent 2 Products
Remkon device manager
Remkon device manager


Copyright 2024, cxsecurity.com

 

Back to Top