Description
A SQL-Injection vulnerability in the nTracker USB Enterprise(secure USB management solution) allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36223
Scores
CVSS v3
9.3
EPSS
0.0140
EPSS Percentile
69.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
CWE
CWE-200
CWE-89
Status
published
Products (1)
ntracker/ntracker_usb_enterprise
< 5
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026