Vulnerabilities > Vinchin > Vinchin Backup AND Recovery

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2024-22899 Unspecified vulnerability in Vinchin Backup and Recovery
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
network
low complexity
vinchin
8.8
8.8
2024-02-02 CVE-2024-22900 Command Injection vulnerability in Vinchin Backup and Recovery
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.
network
low complexity
vinchin CWE-77
8.8
8.8
2024-02-02 CVE-2024-22901 Unspecified vulnerability in Vinchin Backup and Recovery
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
network
low complexity
vinchin
critical
 9.8
9.8
2024-02-02 CVE-2024-22902 Unspecified vulnerability in Vinchin Backup and Recovery
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
network
low complexity
vinchin
critical
 9.8
9.8
2024-02-02 CVE-2024-22903 Command Injection vulnerability in Vinchin Backup and Recovery
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.
network
low complexity
vinchin CWE-77
8.8
8.8
2023-10-27 CVE-2023-45498 Command Injection vulnerability in Vinchin Backup and Recovery 6.5.0.17561
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.
network
low complexity
vinchin CWE-77
critical
 9.8
9.8
2023-10-27 CVE-2023-45499 Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery 6.5.0.17561
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.
network
low complexity
vinchin CWE-798
critical
 9.8
9.8
2022-08-03 CVE-2022-35866 Use of Hard-coded Credentials vulnerability in Vinchin Backup and Recovery 6.5.0.17561
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561.
network
low complexity
vinchin CWE-798
critical
 9.8
9.8