Daniel Wong

#6805of 53,638
39.8Total CVSS
Vulnerabilities · 5
Medium
2
Critical
3
PT-2022-26749
6.8
2022-11-17
Media5 · Mediatrix 4102 · CVE-2022-43096
**Name of the Vulnerable Software and Affected Versions** Mediatrix 4102 versions prior to 48.5.2718 **Description** The issue allows local attackers to gain root access via the UART port. **Recommendations** For versions prior to 48.5.2718, update to version 48.5.2718 or later to resolve the issue.
PT-2022-24567
4.3
2022-09-15
Nokia · Nokia Fastmile 5G Receiver 5G14-B · CVE-2022-38788
**Name of the Vulnerable Software and Affected Versions** Nokia FastMile 5G Receiver 5G14-B version 1.2104.00.0281 **Description** An issue was discovered in the Bluetooth pairing mechanism of the Nokia ODU, which uses outdated pairing mechanisms. This allows an attacker to passively intercept a pairing handshake and, after offline cracking, retrieve the PIN and long-term key (LTK). **Recommendations** For Nokia FastMile 5G Receiver 5G14-B version 1.2104.00.0281, consider disabling Bluetooth until a patch or update is available to address the outdated pairing mechanisms. Restrict access to the Bluetooth functionality to minimize the risk of exploitation. Avoid using the device's Bluetooth feature for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-24568
9.1
2022-09-15
Airties · Airties Smart Wi-Fi · CVE-2022-38789
**Name of the Vulnerable Software and Affected Versions** Airties Smart Wi-Fi versions prior to 2020-08-04 **Description** The issue allows attackers to change the main/guest SSID and the PSK to arbitrary values and map the LAN due to Insecure Direct Object Reference. **Recommendations** For versions prior to 2020-08-04, update to a version released after 2020-08-04 to resolve the issue.
PT-2019-9572
9.8
2019-04-25
Cmg · Cmg Suite · CVE-2018-18285
**Name of the Vulnerable Software and Affected Versions** CMG Suite versions 8.4 SP2 and earlier **Description** The issue is related to SQL injection vulnerabilities due to insufficient input validation for the login interface. This could allow an unauthenticated attacker to conduct an SQL injection attack, potentially extracting sensitive information from the database and executing arbitrary scripts. **Recommendations** For CMG Suite versions 8.4 SP2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-9573
9.8
2019-04-25
Cmg · Cmg Suite · CVE-2018-18286
**Name of the Vulnerable Software and Affected Versions** CMG Suite versions 8.4 SP2 and earlier **Description** The issue is related to SQL injection vulnerabilities due to insufficient input validation for the `changepwd` interface. This could allow an unauthenticated attacker to conduct an SQL injection attack, potentially extracting sensitive information from the database and executing arbitrary scripts. **Recommendations** For CMG Suite versions 8.4 SP2 and earlier, update to a version that addresses the SQL injection vulnerabilities in the `changepwd` interface to prevent exploitation.