Vulnerabilities > Kyland > Kps2204 6 Port Managed DIN Rail Programmable Serial Device Firmware > r0002.p05

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-17	CVE-2020-25011	Insufficiently Protected Credentials vulnerability in Kyland Kps2204 6 Port Managed Din-Rail Programmable Serial Device Firmware R0002.P05 A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser. network low complexity kyland CWE-522	5.0
2020-12-17	CVE-2020-25010	Unrestricted Upload of File with Dangerous Type vulnerability in Kyland Kps2204 6 Port Managed Din-Rail Programmable Serial Device Firmware R0002.P05 An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file. network low complexity kyland CWE-434	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.