Search criteria
24 vulnerabilities found for solar-log_2000_firmware by solar-log
FKIE_CVE-2022-47767
Vulnerability from fkie_nvd - Published: 2023-01-26 21:18 - Updated: 2025-04-01 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.solar-log.com/en/support/firmware-database-1 | Vendor Advisory | |
| cve@mitre.org | https://www.swascan.com/security-advisory-solar-log/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.solar-log.com/en/support/firmware-database-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.swascan.com/security-advisory-solar-log/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4298B949-AC58-4478-A5C4-C711124EB7C1",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7339498A-8AA1-4AA3-B6F9-280986B021B1",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C21ADBF9-F85B-49C9-9C3E-887884DB8F37",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CC9059E-30BB-4C2B-9DF2-25675EA3DEA0",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB630390-B86B-4E9B-8968-E1C93E0D737A",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CBBAA6-CE97-404E-886B-389D95DAB2F7",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A361F6E1-2766-4EE5-9590-E47CDC77A143",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10DA25F0-F55F-4863-A5ED-D065FE0905AE",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D509F59-615F-4415-8AAD-375C3CA8E44E",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B08C2931-78CA-47BF-A1EA-AD062AB1C470",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61680AF1-80D9-4A2C-B91C-F95797668667",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3012682-05E7-4EB8-9234-17E81408E467",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78393B1A-7026-4BE7-93C3-B7561DC47E05",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "621467D3-6C37-4EC9-AC8E-28FF6DA86F11",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0393925F-251C-4BCC-8664-4A913EA6276E",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E07F2349-7BAB-4D78-84F6-ADF877D73FE7",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB630390-B86B-4E9B-8968-E1C93E0D737A",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76CBBAA6-CE97-404E-886B-389D95DAB2F7",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51872661-04CB-4AE3-9270-005FEF2A7DA5",
"versionEndExcluding": "4.2.8_117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2915D1D-2763-4C7A-B50C-7438D170C000",
"versionEndExcluding": "5.1.2_156",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "345B2D76-4996-4D58-8FC7-A2E561A54E93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base."
},
{
"lang": "es",
"value": "Una puerta trasera en los productos Solar-Log Gateway permite el acceso remoto a trav\u00e9s de un panel web, obteniendo privilegios de superadministraci\u00f3n para el atacante. Esto afecta a todos los dispositivos Solar-Log que utilizan la versi\u00f3n de firmware v4.2.7 hasta v5.1.1 (incluida)."
}
],
"id": "CVE-2022-47767",
"lastModified": "2025-04-01T15:15:56.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-26T21:18:05.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solar-log.com/en/support/firmware-database-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.swascan.com/security-advisory-solar-log/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.solar-log.com/en/support/firmware-database-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.swascan.com/security-advisory-solar-log/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-912"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2017-20025
Vulnerability from fkie_nvd - Published: 2022-06-09 23:15 - Updated: 2024-11-21 03:22
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.98935 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.98935 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solar-log | solar-log_250_firmware | 2.8.4-56 | |
| solar-log | solar-log_250_firmware | 3.5.2-85 | |
| solar-log | solar-log_250 | - | |
| solar-log | solar-log_300_firmware | 2.8.4-56 | |
| solar-log | solar-log_300_firmware | 3.5.2-85 | |
| solar-log | solar-log_300 | - | |
| solar-log | solar-log_500_firmware | 2.8.4-56 | |
| solar-log | solar-log_500_firmware | 3.5.2-85 | |
| solar-log | solar-log_500 | - | |
| solar-log | solar-log_800e_firmware | 2.8.4-56 | |
| solar-log | solar-log_800e_firmware | 3.5.2-85 | |
| solar-log | solar-log_800e | - | |
| solar-log | solar-log_1000_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000 | - | |
| solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000_pm\+ | - | |
| solar-log | solar-log_1200_firmware | 2.8.4-56 | |
| solar-log | solar-log_1200_firmware | 3.5.2-85 | |
| solar-log | solar-log_1200 | - | |
| solar-log | solar-log_2000_firmware | 2.8.4-56 | |
| solar-log | solar-log_2000_firmware | 3.5.2-85 | |
| solar-log | solar-log_2000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BF1028-175F-4771-8E51-CE1B4F1D6C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AA491A-0F73-41CF-A054-19E4A1C84FBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E01D7-0E36-4F3F-B97E-355A904BA9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "557DF05F-3078-4A6F-A9A7-A4F67989F5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "C15E8917-1BA5-47B0-8C8B-2947C7C05717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "956B9CC8-2A60-4BD5-BF2D-A5B6F86E4FE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "09C809C3-3278-4776-B925-E07939BAE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2BB717-80FA-42F0-8C14-B9B45C9B9022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "813EBE81-C8EE-41B5-9027-93F0F1E5E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "FB509869-6952-4A05-97A7-8266BD1C18AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB17FEC-C3D2-427E-8C1C-AD40F1425DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF0A3CB-49A9-4D2A-A052-2638FC501084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "E40B905F-45B5-4BF4-9E42-7CFBCD0C9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "1F171F8D-15F8-40CD-92F9-BBD5CE6D46A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "EA355060-F745-4D4B-B887-8FD85DFC0F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDD2878-B81E-4338-AA5A-2890C4F67006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Solare Solar-Log 2.8.4-56/3.5.2-85. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente Flash Memory. La manipulaci\u00f3n conlleva a una escalada de privilegios. El ataque puede ser lanzado remotamente. La actualizaci\u00f3n a versi\u00f3n 3.5.3-86 puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20025",
"lastModified": "2024-11-21T03:22:28.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T23:15:08.287",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98935"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-20022
Vulnerability from fkie_nvd - Published: 2022-06-09 23:15 - Updated: 2025-04-15 13:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.98932 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.98932 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solar-log | solar-log_250_firmware | 2.8.4-56 | |
| solar-log | solar-log_250_firmware | 3.5.2-85 | |
| solar-log | solar-log_250 | - | |
| solar-log | solar-log_300_firmware | 2.8.4-56 | |
| solar-log | solar-log_300_firmware | 3.5.2-85 | |
| solar-log | solar-log_300 | - | |
| solar-log | solar-log_500_firmware | 2.8.4-56 | |
| solar-log | solar-log_500_firmware | 3.5.2-85 | |
| solar-log | solar-log_500 | - | |
| solar-log | solar-log_800e_firmware | 2.8.4-56 | |
| solar-log | solar-log_800e_firmware | 3.5.2-85 | |
| solar-log | solar-log_800e | - | |
| solar-log | solar-log_1000_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000 | - | |
| solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000_pm\+ | - | |
| solar-log | solar-log_1200_firmware | 2.8.4-56 | |
| solar-log | solar-log_1200_firmware | 3.5.2-85 | |
| solar-log | solar-log_1200 | - | |
| solar-log | solar-log_2000_firmware | 2.8.4-56 | |
| solar-log | solar-log_2000_firmware | 3.5.2-85 | |
| solar-log | solar-log_2000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BF1028-175F-4771-8E51-CE1B4F1D6C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AA491A-0F73-41CF-A054-19E4A1C84FBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E01D7-0E36-4F3F-B97E-355A904BA9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "557DF05F-3078-4A6F-A9A7-A4F67989F5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "C15E8917-1BA5-47B0-8C8B-2947C7C05717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "956B9CC8-2A60-4BD5-BF2D-A5B6F86E4FE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "09C809C3-3278-4776-B925-E07939BAE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2BB717-80FA-42F0-8C14-B9B45C9B9022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "813EBE81-C8EE-41B5-9027-93F0F1E5E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "FB509869-6952-4A05-97A7-8266BD1C18AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB17FEC-C3D2-427E-8C1C-AD40F1425DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF0A3CB-49A9-4D2A-A052-2638FC501084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "E40B905F-45B5-4BF4-9E42-7CFBCD0C9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "1F171F8D-15F8-40CD-92F9-BBD5CE6D46A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "EA355060-F745-4D4B-B887-8FD85DFC0F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDD2878-B81E-4338-AA5A-2890C4F67006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Solare Solar-Log 2.8.4-56/3.5.2-85 y ha sido clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido. La manipulaci\u00f3n conlleva a una divulgaci\u00f3n de informaci\u00f3n. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a versi\u00f3n 3.5.3-86 puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20022",
"lastModified": "2025-04-15T13:15:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-06-09T23:15:08.110",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98932"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98932"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-20021
Vulnerability from fkie_nvd - Published: 2022-06-09 23:15 - Updated: 2024-11-21 03:22
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.98931 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.98931 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solar-log | solar-log_250_firmware | 2.8.4-56 | |
| solar-log | solar-log_250_firmware | 3.5.2-85 | |
| solar-log | solar-log_250 | - | |
| solar-log | solar-log_300_firmware | 2.8.4-56 | |
| solar-log | solar-log_300_firmware | 3.5.2-85 | |
| solar-log | solar-log_300 | - | |
| solar-log | solar-log_500_firmware | 2.8.4-56 | |
| solar-log | solar-log_500_firmware | 3.5.2-85 | |
| solar-log | solar-log_500 | - | |
| solar-log | solar-log_800e_firmware | 2.8.4-56 | |
| solar-log | solar-log_800e_firmware | 3.5.2-85 | |
| solar-log | solar-log_800e | - | |
| solar-log | solar-log_1000_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000 | - | |
| solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000_pm\+ | - | |
| solar-log | solar-log_1200_firmware | 2.8.4-56 | |
| solar-log | solar-log_1200_firmware | 3.5.2-85 | |
| solar-log | solar-log_1200 | - | |
| solar-log | solar-log_2000_firmware | 2.8.4-56 | |
| solar-log | solar-log_2000_firmware | 3.5.2-85 | |
| solar-log | solar-log_2000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BF1028-175F-4771-8E51-CE1B4F1D6C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AA491A-0F73-41CF-A054-19E4A1C84FBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E01D7-0E36-4F3F-B97E-355A904BA9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "557DF05F-3078-4A6F-A9A7-A4F67989F5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "C15E8917-1BA5-47B0-8C8B-2947C7C05717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "956B9CC8-2A60-4BD5-BF2D-A5B6F86E4FE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "09C809C3-3278-4776-B925-E07939BAE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2BB717-80FA-42F0-8C14-B9B45C9B9022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "813EBE81-C8EE-41B5-9027-93F0F1E5E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "FB509869-6952-4A05-97A7-8266BD1C18AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB17FEC-C3D2-427E-8C1C-AD40F1425DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF0A3CB-49A9-4D2A-A052-2638FC501084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "E40B905F-45B5-4BF4-9E42-7CFBCD0C9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "1F171F8D-15F8-40CD-92F9-BBD5CE6D46A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "EA355060-F745-4D4B-B887-8FD85DFC0F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDD2878-B81E-4338-AA5A-2890C4F67006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en Solare Solar-Log 2.8.4-56/3.5.2-85. Esto afecta a una parte desconocida del componente File Upload. La manipulaci\u00f3n conlleva a una escalada de privilegios. Es posible iniciar el ataque de forma remota. La actualizaci\u00f3n a versi\u00f3n 3.5.3-86 puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20021",
"lastModified": "2024-11-21T03:22:27.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T23:15:08.047",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98931"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-20024
Vulnerability from fkie_nvd - Published: 2022-06-09 23:15 - Updated: 2024-11-21 03:22
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.98934 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.98934 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solar-log | solar-log_250_firmware | 2.8.4-56 | |
| solar-log | solar-log_250_firmware | 3.5.2-85 | |
| solar-log | solar-log_250 | - | |
| solar-log | solar-log_300_firmware | 2.8.4-56 | |
| solar-log | solar-log_300_firmware | 3.5.2-85 | |
| solar-log | solar-log_300 | - | |
| solar-log | solar-log_500_firmware | 2.8.4-56 | |
| solar-log | solar-log_500_firmware | 3.5.2-85 | |
| solar-log | solar-log_500 | - | |
| solar-log | solar-log_800e_firmware | 2.8.4-56 | |
| solar-log | solar-log_800e_firmware | 3.5.2-85 | |
| solar-log | solar-log_800e | - | |
| solar-log | solar-log_1000_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000 | - | |
| solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000_pm\+ | - | |
| solar-log | solar-log_1200_firmware | 2.8.4-56 | |
| solar-log | solar-log_1200_firmware | 3.5.2-85 | |
| solar-log | solar-log_1200 | - | |
| solar-log | solar-log_2000_firmware | 2.8.4-56 | |
| solar-log | solar-log_2000_firmware | 3.5.2-85 | |
| solar-log | solar-log_2000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BF1028-175F-4771-8E51-CE1B4F1D6C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AA491A-0F73-41CF-A054-19E4A1C84FBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E01D7-0E36-4F3F-B97E-355A904BA9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "557DF05F-3078-4A6F-A9A7-A4F67989F5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "C15E8917-1BA5-47B0-8C8B-2947C7C05717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "956B9CC8-2A60-4BD5-BF2D-A5B6F86E4FE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "09C809C3-3278-4776-B925-E07939BAE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2BB717-80FA-42F0-8C14-B9B45C9B9022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "813EBE81-C8EE-41B5-9027-93F0F1E5E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "FB509869-6952-4A05-97A7-8266BD1C18AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB17FEC-C3D2-427E-8C1C-AD40F1425DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF0A3CB-49A9-4D2A-A052-2638FC501084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "E40B905F-45B5-4BF4-9E42-7CFBCD0C9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "1F171F8D-15F8-40CD-92F9-BBD5CE6D46A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "EA355060-F745-4D4B-B887-8FD85DFC0F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDD2878-B81E-4338-AA5A-2890C4F67006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Solare Solar-Log 2.8.4-56/3.5.2-85. ha sido clasificada como problem\u00e1tica. La funci\u00f3n afectada es desconocida. La manipulaci\u00f3n conlleva a una denegaci\u00f3n de servicio. Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a versi\u00f3n 3.5.3-86 puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20024",
"lastModified": "2024-11-21T03:22:28.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T23:15:08.220",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98934"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-20023
Vulnerability from fkie_nvd - Published: 2022-06-09 23:15 - Updated: 2024-11-21 03:22
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.98933 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.98933 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solar-log | solar-log_250_firmware | 2.8.4-56 | |
| solar-log | solar-log_250_firmware | 3.5.2-85 | |
| solar-log | solar-log_250 | - | |
| solar-log | solar-log_300_firmware | 2.8.4-56 | |
| solar-log | solar-log_300_firmware | 3.5.2-85 | |
| solar-log | solar-log_300 | - | |
| solar-log | solar-log_500_firmware | 2.8.4-56 | |
| solar-log | solar-log_500_firmware | 3.5.2-85 | |
| solar-log | solar-log_500 | - | |
| solar-log | solar-log_800e_firmware | 2.8.4-56 | |
| solar-log | solar-log_800e_firmware | 3.5.2-85 | |
| solar-log | solar-log_800e | - | |
| solar-log | solar-log_1000_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000 | - | |
| solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000_pm\+ | - | |
| solar-log | solar-log_1200_firmware | 2.8.4-56 | |
| solar-log | solar-log_1200_firmware | 3.5.2-85 | |
| solar-log | solar-log_1200 | - | |
| solar-log | solar-log_2000_firmware | 2.8.4-56 | |
| solar-log | solar-log_2000_firmware | 3.5.2-85 | |
| solar-log | solar-log_2000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BF1028-175F-4771-8E51-CE1B4F1D6C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AA491A-0F73-41CF-A054-19E4A1C84FBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E01D7-0E36-4F3F-B97E-355A904BA9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "557DF05F-3078-4A6F-A9A7-A4F67989F5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "C15E8917-1BA5-47B0-8C8B-2947C7C05717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "956B9CC8-2A60-4BD5-BF2D-A5B6F86E4FE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "09C809C3-3278-4776-B925-E07939BAE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2BB717-80FA-42F0-8C14-B9B45C9B9022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "813EBE81-C8EE-41B5-9027-93F0F1E5E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "FB509869-6952-4A05-97A7-8266BD1C18AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB17FEC-C3D2-427E-8C1C-AD40F1425DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF0A3CB-49A9-4D2A-A052-2638FC501084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "E40B905F-45B5-4BF4-9E42-7CFBCD0C9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "1F171F8D-15F8-40CD-92F9-BBD5CE6D46A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "EA355060-F745-4D4B-B887-8FD85DFC0F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDD2878-B81E-4338-AA5A-2890C4F67006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Solare Solar-Log 2.8.4-56/3.5.2-85 y ha sido clasificada como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del componente Network Config. La manipulaci\u00f3n conlleva a una escalada de privilegios. El ataque puede ser iniciado remotamente. La actualizaci\u00f3n a versi\u00f3n 3.5.3-86 puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20023",
"lastModified": "2024-11-21T03:22:28.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T23:15:08.167",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98933"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-20019
Vulnerability from fkie_nvd - Published: 2022-06-09 23:15 - Updated: 2024-11-21 03:22
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.98929 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.98929 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solar-log | solar-log_250_firmware | 2.8.4-56 | |
| solar-log | solar-log_250_firmware | 3.5.2-85 | |
| solar-log | solar-log_250 | - | |
| solar-log | solar-log_300_firmware | 2.8.4-56 | |
| solar-log | solar-log_300_firmware | 3.5.2-85 | |
| solar-log | solar-log_300 | - | |
| solar-log | solar-log_500_firmware | 2.8.4-56 | |
| solar-log | solar-log_500_firmware | 3.5.2-85 | |
| solar-log | solar-log_500 | - | |
| solar-log | solar-log_800e_firmware | 2.8.4-56 | |
| solar-log | solar-log_800e_firmware | 3.5.2-85 | |
| solar-log | solar-log_800e | - | |
| solar-log | solar-log_1000_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000 | - | |
| solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000_pm\+ | - | |
| solar-log | solar-log_1200_firmware | 2.8.4-56 | |
| solar-log | solar-log_1200_firmware | 3.5.2-85 | |
| solar-log | solar-log_1200 | - | |
| solar-log | solar-log_2000_firmware | 2.8.4-56 | |
| solar-log | solar-log_2000_firmware | 3.5.2-85 | |
| solar-log | solar-log_2000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BF1028-175F-4771-8E51-CE1B4F1D6C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AA491A-0F73-41CF-A054-19E4A1C84FBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E01D7-0E36-4F3F-B97E-355A904BA9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "557DF05F-3078-4A6F-A9A7-A4F67989F5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "C15E8917-1BA5-47B0-8C8B-2947C7C05717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "956B9CC8-2A60-4BD5-BF2D-A5B6F86E4FE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "09C809C3-3278-4776-B925-E07939BAE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2BB717-80FA-42F0-8C14-B9B45C9B9022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "813EBE81-C8EE-41B5-9027-93F0F1E5E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "FB509869-6952-4A05-97A7-8266BD1C18AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB17FEC-C3D2-427E-8C1C-AD40F1425DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF0A3CB-49A9-4D2A-A052-2638FC501084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "E40B905F-45B5-4BF4-9E42-7CFBCD0C9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "1F171F8D-15F8-40CD-92F9-BBD5CE6D46A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "EA355060-F745-4D4B-B887-8FD85DFC0F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDD2878-B81E-4338-AA5A-2890C4F67006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Solare Solar-Log versi\u00f3n 2.8.4-56/3.5.2-85. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente Config Handler. La manipulaci\u00f3n conlleva a una divulgaci\u00f3n de informaci\u00f3n. El ataque puede ser lanzado remotamente. La actualizaci\u00f3n a versi\u00f3n 3.5.3-86 puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20019",
"lastModified": "2024-11-21T03:22:27.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T23:15:07.923",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98929"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-20020
Vulnerability from fkie_nvd - Published: 2022-06-09 23:15 - Updated: 2024-11-21 03:22
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.98930 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Mar/58 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.98930 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| solar-log | solar-log_250_firmware | 2.8.4-56 | |
| solar-log | solar-log_250_firmware | 3.5.2-85 | |
| solar-log | solar-log_250 | - | |
| solar-log | solar-log_300_firmware | 2.8.4-56 | |
| solar-log | solar-log_300_firmware | 3.5.2-85 | |
| solar-log | solar-log_300 | - | |
| solar-log | solar-log_500_firmware | 2.8.4-56 | |
| solar-log | solar-log_500_firmware | 3.5.2-85 | |
| solar-log | solar-log_500 | - | |
| solar-log | solar-log_800e_firmware | 2.8.4-56 | |
| solar-log | solar-log_800e_firmware | 3.5.2-85 | |
| solar-log | solar-log_800e | - | |
| solar-log | solar-log_1000_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000 | - | |
| solar-log | solar-log_1000_pm\+_firmware | 2.8.4-56 | |
| solar-log | solar-log_1000_pm\+_firmware | 3.5.2-85 | |
| solar-log | solar-log_1000_pm\+ | - | |
| solar-log | solar-log_1200_firmware | 2.8.4-56 | |
| solar-log | solar-log_1200_firmware | 3.5.2-85 | |
| solar-log | solar-log_1200 | - | |
| solar-log | solar-log_2000_firmware | 2.8.4-56 | |
| solar-log | solar-log_2000_firmware | 3.5.2-85 | |
| solar-log | solar-log_2000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BF1028-175F-4771-8E51-CE1B4F1D6C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AA491A-0F73-41CF-A054-19E4A1C84FBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B90A11-AD70-41C0-9C0E-A29CEA393F09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E01D7-0E36-4F3F-B97E-355A904BA9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "557DF05F-3078-4A6F-A9A7-A4F67989F5C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C52341D-00C9-412E-9B33-24BA8E9B33E3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "C15E8917-1BA5-47B0-8C8B-2947C7C05717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "956B9CC8-2A60-4BD5-BF2D-A5B6F86E4FE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "978CC7AA-DAF0-4891-BCA2-BEE70BFCE3C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "09C809C3-3278-4776-B925-E07939BAE98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2BB717-80FA-42F0-8C14-B9B45C9B9022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC786FF-FB72-41A4-8EB8-2EF234D59BCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "813EBE81-C8EE-41B5-9027-93F0F1E5E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "FB509869-6952-4A05-97A7-8266BD1C18AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5820511-2D50-4869-8ABA-12432555431B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB17FEC-C3D2-427E-8C1C-AD40F1425DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1000_pm\\+_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF0A3CB-49A9-4D2A-A052-2638FC501084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1000_pm\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1B231D-DC7C-458C-A301-9617611AF9DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "E40B905F-45B5-4BF4-9E42-7CFBCD0C9F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "1F171F8D-15F8-40CD-92F9-BBD5CE6D46A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152D1F1A-67E7-4AAE-8F69-60824CCF451C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*",
"matchCriteriaId": "EA355060-F745-4D4B-B887-8FD85DFC0F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDD2878-B81E-4338-AA5A-2890C4F67006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF7B66B-5440-4D74-817D-2A43F20060CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en Solare Solar-Log versi\u00f3n 2.8.4-56/3.5.2-85. Este problema afecta a una funcionalidad desconocida. La manipulaci\u00f3n conlleva a un ataque de tipo cross site request forgery. El ataque puede ser lanzado remotamente. La actualizaci\u00f3n a versi\u00f3n 3.5.3-86 puede abordar este problema. Es recomendado actualizar el componente afectado"
}
],
"id": "CVE-2017-20020",
"lastModified": "2024-11-21T03:22:27.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-09T23:15:07.980",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.98930"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-47767 (GCVE-0-2022-47767)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-04-01 15:09
VLAI?
Summary
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.swascan.com/security-advisory-solar-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.solar-log.com/en/support/firmware-database-1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47767",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T15:08:41.887577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T15:09:14.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T22:56:48.008Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.swascan.com/security-advisory-solar-log/"
},
{
"url": "https://www.solar-log.com/en/support/firmware-database-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47767",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-01T15:09:14.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20025 (GCVE-0-2017-20025)
Vulnerability from cvelistv5 – Published: 2022-06-09 22:36 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log Flash Memory privileges management
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
7.3 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98935"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20025",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:22.988042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:19.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:36:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98935"
}
],
"title": "Solare Solar-Log Flash Memory privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20025",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log Flash Memory privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98935",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20025",
"datePublished": "2022-06-09T22:36:00.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:19.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20024 (GCVE-0-2017-20024)
Vulnerability from cvelistv5 – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log denial of service
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
5.3 (Medium)
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98934"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:25.829026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:30.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:58.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98934"
}
],
"title": "Solare Solar-Log denial of service",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20024",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98934",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98934"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20024",
"datePublished": "2022-06-09T22:35:58.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:30.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20023 (GCVE-0-2017-20023)
Vulnerability from cvelistv5 – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log Network Config privileges management
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98933"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20023",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:31.199508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:43.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:57.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98933"
}
],
"title": "Solare Solar-Log Network Config privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20023",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log Network Config privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98933",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20023",
"datePublished": "2022-06-09T22:35:57.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:43.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20022 (GCVE-0-2017-20022)
Vulnerability from cvelistv5 – Published: 2022-06-09 22:35 – Updated: 2025-04-15 13:06
VLAI?
Title
Solare Solar-Log information disclosure
Summary
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
7.5 (High)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98932"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-20022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T13:05:57.817078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:06:28.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:55.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98932"
}
],
"title": "Solare Solar-Log information disclosure",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20022",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "2.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98932",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98932"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20022",
"datePublished": "2022-06-09T22:35:55.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:06:28.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20021 (GCVE-0-2017-20021)
Vulnerability from cvelistv5 – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log File Upload privileges management
Summary
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98931"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:29.344061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:58.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:54.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98931"
}
],
"title": "Solare Solar-Log File Upload privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20021",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log File Upload privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98931",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20021",
"datePublished": "2022-06-09T22:35:54.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:58.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20020 (GCVE-0-2017-20020)
Vulnerability from cvelistv5 – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:30
VLAI?
Title
Solare Solar-Log cross-site request forgery
Summary
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
5.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98930"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20020",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:33.080731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:30:16.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:52.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98930"
}
],
"title": "Solare Solar-Log cross-site request forgery",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20020",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log cross-site request forgery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98930",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98930"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20020",
"datePublished": "2022-06-09T22:35:52.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:30:16.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20019 (GCVE-0-2017-20019)
Vulnerability from cvelistv5 – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:30
VLAI?
Title
Solare Solar-Log Config information disclosure
Summary
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98929"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20019",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:34.316492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:30:27.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:51.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98929"
}
],
"title": "Solare Solar-Log Config information disclosure",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20019",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log Config information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98929",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20019",
"datePublished": "2022-06-09T22:35:51.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:30:27.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47767 (GCVE-0-2022-47767)
Vulnerability from nvd – Published: 2023-01-25 00:00 – Updated: 2025-04-01 15:09
VLAI?
Summary
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.swascan.com/security-advisory-solar-log/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.solar-log.com/en/support/firmware-database-1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47767",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T15:08:41.887577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T15:09:14.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T22:56:48.008Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.swascan.com/security-advisory-solar-log/"
},
{
"url": "https://www.solar-log.com/en/support/firmware-database-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47767",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-12-21T00:00:00.000Z",
"dateUpdated": "2025-04-01T15:09:14.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20025 (GCVE-0-2017-20025)
Vulnerability from nvd – Published: 2022-06-09 22:36 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log Flash Memory privileges management
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
7.3 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98935"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20025",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:22.988042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:19.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:36:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98935"
}
],
"title": "Solare Solar-Log Flash Memory privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20025",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log Flash Memory privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "7.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98935",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20025",
"datePublished": "2022-06-09T22:36:00.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:19.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20024 (GCVE-0-2017-20024)
Vulnerability from nvd – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log denial of service
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
5.3 (Medium)
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98934"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:25.829026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:30.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:58.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98934"
}
],
"title": "Solare Solar-Log denial of service",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20024",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98934",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98934"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20024",
"datePublished": "2022-06-09T22:35:58.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:30.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20023 (GCVE-0-2017-20023)
Vulnerability from nvd – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log Network Config privileges management
Summary
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98933"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20023",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:31.199508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:43.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:57.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98933"
}
],
"title": "Solare Solar-Log Network Config privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20023",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log Network Config privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98933",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20023",
"datePublished": "2022-06-09T22:35:57.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:43.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20022 (GCVE-0-2017-20022)
Vulnerability from nvd – Published: 2022-06-09 22:35 – Updated: 2025-04-15 13:06
VLAI?
Title
Solare Solar-Log information disclosure
Summary
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
7.5 (High)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98932"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-20022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T13:05:57.817078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:06:28.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:55.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98932"
}
],
"title": "Solare Solar-Log information disclosure",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20022",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "2.9",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98932",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98932"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20022",
"datePublished": "2022-06-09T22:35:55.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:06:28.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20021 (GCVE-0-2017-20021)
Vulnerability from nvd – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:29
VLAI?
Title
Solare Solar-Log File Upload privileges management
Summary
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
6.5 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98931"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:29.344061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:29:58.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:54.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98931"
}
],
"title": "Solare Solar-Log File Upload privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20021",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log File Upload privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98931",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20021",
"datePublished": "2022-06-09T22:35:54.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:29:58.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20020 (GCVE-0-2017-20020)
Vulnerability from nvd – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:30
VLAI?
Title
Solare Solar-Log cross-site request forgery
Summary
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
5.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98930"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20020",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:56:33.080731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:30:16.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:52.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98930"
}
],
"title": "Solare Solar-Log cross-site request forgery",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20020",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log cross-site request forgery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98930",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98930"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20020",
"datePublished": "2022-06-09T22:35:52.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:30:16.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-20019 (GCVE-0-2017-20019)
Vulnerability from nvd – Published: 2022-06-09 22:35 – Updated: 2025-04-15 14:30
VLAI?
Title
Solare Solar-Log Config information disclosure
Summary
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
T. Weber
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:45:24.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.98929"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20019",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:12:34.316492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:30:27.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Solar-Log",
"vendor": "Solare",
"versions": [
{
"status": "affected",
"version": "2.8.4-56"
},
{
"status": "affected",
"version": "3.5.2-85"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "T. Weber"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T22:35:51.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.98929"
}
],
"title": "Solare Solar-Log Config information disclosure",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2017-20019",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Solare Solar-Log Config information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solar-Log",
"version": {
"version_data": [
{
"version_value": "2.8.4-56"
},
{
"version_value": "3.5.2-85"
}
]
}
}
]
},
"vendor_name": "Solare"
}
]
}
},
"credit": "T. Weber",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Mar/58",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/58"
},
{
"name": "https://vuldb.com/?id.98929",
"refsource": "MISC",
"url": "https://vuldb.com/?id.98929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2017-20019",
"datePublished": "2022-06-09T22:35:51.000Z",
"dateReserved": "2022-06-05T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:30:27.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}