Vulnerabilities > Nedi > Nedi > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-40895 Information Exposure Through Discrepancy vulnerability in Nedi 1.0.7
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability.
network
low complexity
nedi CWE-203
critical
 9.1
9.1
2021-02-12 CVE-2021-26753 Incorrect Authorization vulnerability in Nedi 1.9C
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter.
network
low complexity
nedi CWE-863
critical
 9.9
9.9