Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-27215
An issue exists in genua genugate prior to 9.0 Z p19, 9.1.x up to and including 9.6.x prior to 9.6 p7, and 10.x prior to 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method d...
Genua Genuagate 10.1
Genua Genuagate
Genua Genuagate 9.0
Genua Genuagate 9.6.0
7.5
CVSSv2
CVE-2020-17500
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro prior to 3.8 allows Command Injection (issue 1 of 4). The NDN-210 has a web administration panel which is made available over https. The logon method is basic authentication. There is a command injection iss...
Barco Transform N
7.5
CVSSv2
CVE-2020-35575
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote malicious user to get full administrative access to the web panel. This affects WA901ND devices prior to 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WD...
Tp-link Wa901nd Firmware
Tp-link Archer C5 Firmware -
Tp-link Archer C7 Firmware -
Tp-link Mr3420 Firmware -
Tp-link Mr6400 Firmware -
Tp-link Wa701nd Firmware -
Tp-link Wa801nd Firmware -
Tp-link Wdr3500 Firmware -
Tp-link Wdr3600 Firmware -
Tp-link We843n Firmware -
Tp-link Wr1043nd Firmware -
Tp-link Wr1045nd Firmware -
Tp-link Wr740n Firmware -
Tp-link Wr741nd Firmware -
Tp-link Wr749n Firmware -
Tp-link Wr802n Firmware -
Tp-link Wr840n Firmware -
Tp-link Wr841hp Firmware -
Tp-link Wr841n Firmware -
Tp-link Wr842n Firmware -
Tp-link Wr842nd Firmware -
Tp-link Wr845n Firmware -
7.5
CVSSv2
CVE-2020-11963
IQrouter up to and including 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating t...
Evenroute Iqrouter Firmware
7.5
CVSSv2
CVE-2020-11966
In IQrouter up to and including 3.3.1, the Lua function reset_password in the web-panel allows remote malicious users to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced i...
Evenroute Iqrouter Firmware
7.5
CVSSv2
CVE-2020-10230
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
Control-webpanel Webpanel -
7.5
CVSSv2
CVE-2014-9614
The Web Panel in Netsweeper prior to 4.0.5 has a default password of branding for the branding account, which makes it easier for remote malicious users to obtain access via a request to webadmin/.
Netsweeper Netsweeper
7.5
CVSSv2
CVE-2019-18418
clonos.php in ClonOS WEB control panel 19.09 allows remote malicious users to gain full access via change password requests because there is no session management.
Clonos Clonos 19.09
1 EDB exploit
7.5
CVSSv2
CVE-2019-15571
The WEB control panel prior to 2019-04-30 for ClonOS allows SQL injection in clonos.php.
Clonos Project Clonos
7.5
CVSSv2
CVE-2019-13360
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »