Daniel Monzón

#8108of 53,633
33.9Total CVSS
Vulnerabilities · 4
High
3
Critical
1
PT-2025-47023
8.7
2025-11-14
Sercomm · Sercomm Vfh500 · CVE-2022-4985
**Name of the Vulnerable Software and Affected Versions** Vodafone H500s devices version 3.5.10 **Description** Vodafone H500s devices running firmware version 3.5.10 (hardware model Sercomm VFH500) have an issue where the WiFi access point password is exposed through an unauthenticated HTTP endpoint. An attacker can send a crafted GET request to the `/data/activation.json` endpoint with specific headers and cookies to retrieve a JSON document containing the `wifi password` field. This allows unauthorized access to the WiFi network, potentially compromising the confidentiality of network traffic and connected systems. **Recommendations** Update to a newer firmware version that addresses this issue.
PT-2021-11395
7.8
2021-08-20
Rconfig · Rconfig · CVE-2020-27464
Name of the Vulnerable Software and Affected Versions: rConfig versions 3.9.6 and below Description: The issue is related to an insecure update feature in the "/updater.php" component, which allows attackers to execute arbitrary code via a crafted ZIP file. Recommendations: For versions 3.9.6 and below, update to a version above 3.9.6 to resolve the issue. As a temporary workaround, consider restricting access to the "/updater.php" component until a patch is available.
PT-2021-11396
7.8
2021-08-20
Rconfig · Rconfig · CVE-2020-27466
Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.6 Description: The issue is related to an arbitrary file write vulnerability in the lib/AjaxHandlers/ajaxEditTemplate.php file. This vulnerability allows attackers to execute arbitrary code via a crafted file. Recommendations: For rConfig version 3.9.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2020-19574
9.6
2020-08-06
Microsoft · Windows · CVE-2020-7361
**Name of the Vulnerable Software and Affected Versions** EasyCorp ZenTao Pro (affected versions not specified) **Description** The issue concerns an OS command injection vulnerability in the '/pro/repo-create.html' component of the EasyCorp ZenTao Pro application. After authentication to the ZenTao dashboard, attackers can construct and send arbitrary OS commands via the `path` parameter in a POST request. These commands will run in an elevated SYSTEM context on the underlying Windows operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.