BlaauwproductsCVEs & Vulnerabilities

9 CVEs affecting Blaauwproducts products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

remote kiln control 18
CVE-2019-18872HIGH

Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).

7 May 2020
7.5
CVSS
CVE-2019-18871HIGH

A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.

7 May 2020
8.8
CVSS
CVE-2019-18870MEDIUM

A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.

7 May 2020
6.5
CVSS
CVE-2019-18869CRITICAL

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17.

7 May 2020
9.8
CVSS
CVE-2019-18866HIGH

Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.

7 May 2020
7.5
CVSS
CVE-2019-18864HIGH

/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine.

7 May 2020
7.5
CVSS
CVE-2019-18868CRITICAL

Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.

7 May 2020
9.8
CVSS
CVE-2019-18867HIGH

Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.

7 May 2020
7.5
CVSS
CVE-2019-18865MEDIUM

Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.

7 May 2020
5.3
CVSS
← PrevPage 1 / 1Next →