Vulnerabilities > Vinchin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2024-22899 | Unspecified vulnerability in Vinchin Backup and Recovery Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | 8.8 |
| 2024-02-02 | CVE-2024-22900 | Command Injection vulnerability in Vinchin Backup and Recovery Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | 8.8 |
| 2024-02-02 | CVE-2024-22901 | Unspecified vulnerability in Vinchin Backup and Recovery Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. | 9.8 |
| 2024-02-02 | CVE-2024-22902 | Unspecified vulnerability in Vinchin Backup and Recovery Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. | 9.8 |
| 2024-02-02 | CVE-2024-22903 | Command Injection vulnerability in Vinchin Backup and Recovery Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. | 8.8 |
| 2023-10-27 | CVE-2023-45498 | Command Injection vulnerability in Vinchin Backup and Recovery VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | 9.8 |
| 2023-10-27 | CVE-2023-45499 | Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | 9.8 |
| 2022-08-03 | CVE-2022-35866 | Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery 6.5.0.17561 This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. | 9.8 |