Vulmon
ssh vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-21502
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them acces...
Dell Emc Powerscale Onefs 9.0.0
Dell Emc Powerscale Onefs 8.1.0
Dell Emc Powerscale Onefs 8.1.1
Dell Emc Powerscale Onefs 8.2.0
Dell Emc Powerscale Onefs 8.2.1
Dell Emc Powerscale Onefs 8.1.2
Dell Emc Powerscale Onefs 8.2.2
Dell Emc Powerscale Onefs 9.1.0
9.8
CVSSv3
CVE-2020-15833
An issue exists on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
Mofinetwork Mofi4500-4gxelte Firmware 4.1.5-std
9.8
CVSSv3
CVE-2020-10210
Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.
Amino Ak45x Firmware -
Amino Ak5xx Firmware -
Amino Ak65x Firmware -
Amino Aria6xx Firmware -
Amino Aria7xx Firmware -
Amino Kami7b Firmware -
9.8
CVSSv3
CVE-2020-25196
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
Moxa Nport Iaw5000a-i/o Firmware
9.8
CVSSv3
CVE-2020-29583
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to log in to the SSH server or web interface with admin p...
Zyxel Usg20-vpn Firmware 4.60
Zyxel Usg20w-vpn Firmware 4.60
Zyxel Usg40 Firmware 4.60
Zyxel Usg40w Firmware 4.60
Zyxel Usg60 Firmware 4.60
Zyxel Usg60w Firmware 4.60
Zyxel Usg110 Firmware 4.60
Zyxel Usg210 Firmware 4.60
Zyxel Usg310 Firmware 4.60
Zyxel Usg1100 Firmware 4.60
Zyxel Usg1900 Firmware 4.60
Zyxel Usg2200 Firmware 4.60
Zyxel Zywall110 Firmware 4.60
Zyxel Zywall310 Firmware 4.60
Zyxel Zywall1100 Firmware 4.60
2 Github repositories
9.8
CVSSv3
CVE-2020-20184
GateOne allows remote malicious users to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection.
Liftoffsoftware Gateone -
9.8
CVSSv3
CVE-2020-26201
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows a malicious user to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
Askey Ap5100w Firmware
9.8
CVSSv3
CVE-2020-28329
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25,...
Barco Wepresent Wipg-1600w Firmware 2.4.1.19
Barco Wepresent Wipg-1600w Firmware 2.5.0.24
Barco Wepresent Wipg-1600w Firmware 2.5.0.25
Barco Wepresent Wipg-1600w Firmware 2.5.1.8
9.8
CVSSv3
CVE-2020-28334
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-2...
Barco Wepresent Wipg-1600w Firmware 2.4.1.19
Barco Wepresent Wipg-1600w Firmware 2.5.0.24
Barco Wepresent Wipg-1600w Firmware 2.5.0.25
Barco Wepresent Wipg-1600w Firmware 2.5.1.8
9.8
CVSSv3
CVE-2020-16846
An issue exists in SaltStack Salt up to and including 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Saltstack Salt 3001
Saltstack Salt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
1 Article