Sylon

2 exploits Active since Feb 2023

CVE-2022-47070 WRITEUP HIGH WORKING POC

nvs-365-v01_firmware - Unauthenticated Exposure of Sensitive Information via Password Validation Response

NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information.

CVSS 7.5

View Code

CVE-2022-47071 WRITEUP CRITICAL WORKING POC

nvs-365-v01_firmware - OS Command Injection via Background Network Test Function

In NVS365 V01, the background network test function can trigger command execution.

CVSS 9.8

View Code