Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ts04x\-V_firmware
(Ave)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-28 | CVE-2020-21991 | AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials. | 53ab\-Wbs_firmware, Dominaplus, Ts01_firmware, Ts03x\-V_firmware, Ts04x\-V_firmware, Ts05_firmware, Ts05n\-V_firmware | 9.8 | ||
| 2021-04-28 | CVE-2020-21994 | AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | 53ab\-Wbs_firmware, Dominaplus, Ts01_firmware, Ts03x\-V_firmware, Ts04x\-V_firmware, Ts05_firmware, Ts05n\-V_firmware | 9.8 | ||
| 2021-04-28 | CVE-2020-21996 | AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. | 53ab\-Wbs_firmware, Dominaplus, Ts01_firmware, Ts03x\-V_firmware, Ts04x\-V_firmware, Ts05_firmware, Ts05n\-V_firmware | 7.5 |