Vulnerabilities > Racom > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-16 CVE-2021-20075 Improper Privilege Management vulnerability in Racom M!Dge Firmware 4.4.40.105
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.
local
low complexity
racom CWE-269
7.8
7.8
2021-02-16 CVE-2021-20074 OS Command Injection vulnerability in Racom M!Dge Firmware 4.4.40.105
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.
network
low complexity
racom CWE-78
8.8
8.8
2021-02-16 CVE-2021-20073 Cross-Site Request Forgery (CSRF) vulnerability in Racom M!Dge Firmware 4.4.40.105
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
network
low complexity
racom CWE-352
8.8
8.8
2021-02-16 CVE-2021-20072 Path Traversal vulnerability in Racom M!Dge Firmware 4.4.40.105
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.
network
low complexity
racom CWE-22
7.2
7.2