← Back

Cayintech

cayintech

4 CVEs • 14 products

Products (14)

Click to collapse
Toggle
Smp Pro4 Firmware
smp-pro4_firmware
2 CVEs
Xpost
xpost
1 CVE
Cms Se Firmware
cms-se_firmware
1 CVE
Cms Se Lxc Firmware
cms-se-lxc_firmware
1 CVE
Cms 60 Firmware
cms-60_firmware
1 CVE
Cms 40 Firmware
cms-40_firmware
1 CVE
Cms 20 Firmware
cms-20_firmware
1 CVE
Cms
cms
1 CVE
Smp Pro4
smp-pro4
0 CVEs
Cms Se
cms-se
0 CVEs
Cms Se Lxc
cms-se-lxc
0 CVEs
Cms 60
cms-60
0 CVEs
Cms 40
cms-40
0 CVEs
Cms 20
cms-20
0 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-7357
1Cayintech
6Cms
Cms 20 FirmwareCms 40 Firmware+3 more
Nov 21, 2024
Aug 6, 2020
N/A· v4
9.9 CRITICAL· v3
9.0 HIGH· v2
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Serv...Show more
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.Show less
CVE-2020-7356
1Cayintech
1Xpost
Nov 21, 2024
Aug 6, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or...Show more
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.Show less
CVE-2020-6955
1Cayintech
1Smp Pro4 Firmware
Nov 21, 2024
Jan 13, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS.
CVE-2020-6954
1Cayintech
1Smp Pro4 Firmware
Nov 21, 2024
Jan 13, 2020
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=...Show more
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI.Show less