Redfox-Security

6 exploits Active since Jan 2021
CVE-2024-4231 NOMISEC MEDIUM STUB
Digisol Router <3.2.02 - Privilege Escalation
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by identifying UART pins and accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to access the sensitive information on the targeted system.
CVSS 4.6
CVE-2024-4232 NOMISEC MEDIUM STUB
Digisol Router <3.2.02 - Info Disclosure
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
CVSS 4.1
CVE-2024-4232 NOMISEC MEDIUM STUB
Digisol Router <3.2.02 - Info Disclosure
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ database. An attacker with physical access could exploit this by extracting the firmware and reverse engineer the binary data to access the plaintext passwords on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the targeted system.
CVSS 4.1
CVE-2024-21413 NOMISEC CRITICAL SUSPICIOUS
Microsoft 365 Apps - Improper Input Validation
Microsoft Outlook Remote Code Execution Vulnerability
CVSS 9.8
CVE-2024-2257 NOMISEC CRITICAL STUB
Digisol Router <3.2.02 - Info Disclosure
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating password that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats.
CVSS 9.1
CVE-2020-35717 NOMISEC CRITICAL STUB
Electronjs Zonote < 0.4.0 - XSS
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).
CVSS 9.0