← Back

Xinruidz

xinruidz

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Sundray Wan Controller Firmware
sundray_wan_controller_firmware
2 CVEs
Sundray Wan Controller
sundray_wan_controller
0 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-9161
1Xinruidz
1Sundray Wan Controller Firmware
Nov 21, 2024
Apr 18, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsol...Show more
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.)Show less
CVE-2019-9160
1Xinruidz
1Sundray Wan Controller Firmware
Nov 21, 2024
Apr 18, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for r...Show more
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).Show less