Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ultralog_express_firmware
(Unisoon)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-27 | CVE-2020-3920 | UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. | Ultralog_express_firmware | 8.1 | ||
| 2020-03-27 | CVE-2020-3921 | UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page. | Ultralog_express_firmware | 7.5 | ||
| 2020-03-27 | CVE-2020-3936 | UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | Ultralog_express_firmware | 9.8 |