Vinchin: community verdicts
5 notable / known-exploited Vinchin CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Vinchin CVE, see NVD ↗.
- CVE-2024-22899HIGH 8.8Real · low riskEPSS 2%
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
- CVE-2024-22900HIGH 8.8Real · low riskEPSS 2%
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.
- CVE-2024-22903HIGH 8.8Real · low riskEPSS 2%
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.
- CVE-2024-22902CRIT 9.8Real · low riskEPSS 1%
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
- CVE-2024-22901CRIT 9.8Real · low riskEPSS 1%
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.