Jake Valletta

10 exploits, active since Feb 2021
CVE-2020-25217 HIGH WRITEUP
Grandstream Grp2612 Firmware - Command Injection
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.
CVSS 7.2
CVE-2020-25218 CRITICAL WRITEUP
Grandstream Grp2612 Firmware - Missing Authentication
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass in its administrative web interface.
CVSS 9.8
CVE-2020-6917 HIGH WRITEUP
HP Support Assistant - Info Disclosure
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.
CVSS 7.8
CVE-2020-6918 HIGH WRITEUP
HP Support Assistant - Info Disclosure
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.
CVSS 7.8
CVE-2020-6919 HIGH WRITEUP
HP Support Assistant - Info Disclosure
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.
CVSS 7.8
CVE-2020-6920 MEDIUM WRITEUP
HP Support Assistant - Info Disclosure
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.
CVSS 5.5
CVE-2020-6921 HIGH WRITEUP
HP Support Assistant - Info Disclosure
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.
CVSS 7.8
CVE-2020-6922 HIGH WRITEUP
HP Support Assistant - Info Disclosure
Potential security vulnerabilities, including compromise of integrity and allowed communication with untrusted clients, have been identified in HP Support Assistant software.
CVSS 7.8
CVE-2020-9306 HIGH WRITEUP
Tesla Solarcity Solar Monitoring Gateway < 5.46.43 - Insufficiently Protected Credentials
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
CVSS 8.8
CVE-2021-28372 HIGH WRITEUP
ThroughTek Kalay Platform 2.0 - Privilege Escalation
ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device.
CVSS 8.3