Vulnerabilities > Altus > Nexto Xpress Xp340 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-39244 OS Command Injection vulnerability in Altus products
Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature.
network
low complexity
altus CWE-78
8.8
8.8
2021-08-23 CVE-2021-39245 Use of Hard-coded Credentials vulnerability in Altus products
Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices.
network
low complexity
altus CWE-798
7.5
7.5