Vulmon
winstonprivacy winston firmware 1.5.4 vulnerabilities and exploits
10
CVSSv2
CVE-2020-16259
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
Winstonprivacy Winston Firmware 1.5.4
10
CVSSv2
CVE-2020-16257
Winston 1.5.4 devices are vulnerable to command injection via the API.
Winstonprivacy Winston Firmware 1.5.4
9.3
CVSSv2
CVE-2020-16256
The API on Winston 1.5.4 devices is vulnerable to CSRF.
Winstonprivacy Winston Firmware 1.5.4
7.2
CVSSv2
CVE-2020-16261
Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
Winstonprivacy Winston Firmware 1.5.4
7.2
CVSSv2
CVE-2020-16262
Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.
Winstonprivacy Winston Firmware 1.5.4
6.4
CVSSv2
CVE-2020-16263
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.
Winstonprivacy Winston Firmware 1.5.4
5.6
CVSSv2
CVE-2020-16258
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.
Winstonprivacy Winston Firmware 1.5.4
5
CVSSv2
CVE-2020-16260
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
Winstonprivacy Winston Firmware 1.5.4