Vulnerabilities > Amino
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-30 | CVE-2020-10209 | OS Command Injection vulnerability in Amino products Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. | 8.1 |
| 2020-12-30 | CVE-2020-10208 | Injection vulnerability in Amino products Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges. | 9.9 |
| 2020-12-30 | CVE-2020-10206 | Use of Hard-coded Credentials vulnerability in Amino products Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device. | 4.4 |
| 2020-12-29 | CVE-2020-10210 | Use of Hard-coded Credentials vulnerability in Amino products Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH. | 9.8 |
| 2020-12-29 | CVE-2020-10207 | Use of Hard-coded Credentials vulnerability in Amino products Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings. | 9.8 |