Vulnerabilities > Nedi > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-06 | CVE-2022-40895 | Information Exposure Through Discrepancy vulnerability in Nedi 1.0.7 In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. | 9.1 |
| 2021-02-12 | CVE-2021-26753 | Incorrect Authorization vulnerability in Nedi 1.9C NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. | 9.9 |