Vulnerabilities (CVE)

Filtered by vendor Unisoon Subscribe
Filtered by product Ultralog Express
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-3936 1 Unisoon 2 Ultralog Express, Ultralog Express Firmware 2024-11-21 7.5 HIGH 10.0 CRITICAL
UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command.
CVE-2020-3921 1 Unisoon 2 Ultralog Express, Ultralog Express Firmware 2024-11-21 5.0 MEDIUM 8.6 HIGH
UltraLog Express device management software stores user’s information in cleartext. Any user can obtain accounts information through a specific page.
CVE-2020-3920 1 Unisoon 2 Ultralog Express, Ultralog Express Firmware 2024-11-21 5.5 MEDIUM 8.1 HIGH
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.