CyberSec.Space Logo
Back to CVE Browser

CVE-2020-16258

HIGH
7.1
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile0.56th
PublishedOct 28, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.

Affected Platforms (CPE)

πŸ’»
Winstonprivacy

Winston Firmware

= 1.5.4

References & Advisories

πŸ”— https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4
πŸ”— https://winstonprivacy.com/
πŸ”— https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4
πŸ”— https://winstonprivacy.com/

Related Vulnerabilities

CVE-2020-195310.0

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes i...

CVE-2020-393610.0

UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers ...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...

CVE-2020-161410.0

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, wh...