Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.
7.2 AI Score
0.002 EPSS
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access via unspecified vectors.
7 AI Score
0.003 EPSS
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
7.6 AI Score
0.055 EPSS
A flaw was found in StarWind Stack. The endpoint for setting a new password doesn't check the current username and old password. An attacker could reset any local user password (including the system/administrator user) using any available user. This affects StarWind SAN and NAS v0.2 build 1633.
8.8 CVSS
8.5 AI Score
0.001 EPSS
A flaw was found in the REST API in StarWind Stack. A REST command, which manipulates a virtual disk, doesn't check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root ...
9.8 CVSS
9.3 AI Score
0.005 EPSS