Nvki: community verdicts
3 notable / known-exploited Nvki CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Nvki CVE, see NVD ↗.
- CVE-2023-39809CRIT 9.8Real · low riskEPSS 2%
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.
- CVE-2023-39808CRIT 9.8Real · low riskEPSS 1%
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer.
- CVE-2023-39807CRIT 9.8Real · low riskEPSS 1%
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.