CVE-2021-38485
- EPSS 0.22%
- Published 22.10.2021 14:15:08
- Last modified 21.11.2024 06:17:13
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
CVE-2021-42536
- EPSS 0.19%
- Published 22.10.2021 14:15:08
- Last modified 21.11.2024 06:27:45
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
CVE-2021-42538
- EPSS 0.22%
- Published 22.10.2021 14:15:08
- Last modified 21.11.2024 06:27:45
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
CVE-2021-42539
- EPSS 0.18%
- Published 22.10.2021 14:15:08
- Last modified 21.11.2024 06:27:45
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
CVE-2021-42540
- EPSS 0.22%
- Published 22.10.2021 14:15:08
- Last modified 21.11.2024 06:27:46
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
CVE-2021-42542
- EPSS 0.49%
- Published 22.10.2021 14:15:08
- Last modified 21.11.2024 06:27:46
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
- EPSS 0.29%
- Published 29.09.2021 20:15:07
- Last modified 21.11.2024 04:59:08
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the ...