Inclusion of undocumented features vulnerability accessible when logged on with a privileged access level on the following Schweitzer Engineering Laboratories relays could allow the relay to behave unpredictably: SEL-700BT Motor Bus Transfer Relay, SEL-700G Generator Protection Relay, SEL-710-5...
6.5CVSS
7AI Score
0.0004EPSS
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to.....
7.8CVSS
9AI Score
0.0004EPSS
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root...
5.5CVSS
9.1AI Score
0.0004EPSS
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated,...
9.8CVSS
9.5AI Score
0.005EPSS
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the...
9.8CVSS
9.5AI Score
0.002EPSS
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the...
5.5CVSS
9.2AI Score
0.0004EPSS
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the...
7.8CVSS
9.3AI Score
0.0004EPSS
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation...
4.4CVSS
5AI Score
0.0004EPSS
SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than...
7AI Score
0.021EPSS