Published: 04/01/2021 Updated: 08/01/2021

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 10 | Impact Score: 5.8 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dell wyse_thinos

Dell Wyse Thin Client scores two perfect 10 security flaws

The Register • Thomas Claburn in San Francisco • 21 Dec 2020

Come on in and enjoy our unprotected FTP server and unsigned configuration files

Dell, which pitches its Wyse ThinOS as "the most secure thin client operating system," plans to publish an advisory on Monday for two severe security vulnerabilities. CVE-2020-29491 and CVE-2020-29492 are both critical flaws, managing a perfect (although unwelcome) CVSS score of 10 out of 10. The vulnerabilities, which affect all Dell Wyse Thin Clients running ThinOS versions 8.6 or earlier, allow more or less anyone to remotely run malicious code and to access arbitrary files on vulnerable devi...

CVE-2020-29492

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect