16 vulnerabilities found for winston_firmware by winstonprivacy
CVE-2020-16263 (GCVE-0-2020-16263)
Vulnerability from nvd – Published: 2020-10-28 17:13 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:13:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16263",
"datePublished": "2020-10-28T17:13:58.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16262 (GCVE-0-2020-16262)
Vulnerability from nvd – Published: 2020-10-28 17:12 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:12:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16262",
"datePublished": "2020-10-28T17:12:13.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16261 (GCVE-0-2020-16261)
Vulnerability from nvd – Published: 2020-10-28 17:10 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:10:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16261",
"datePublished": "2020-10-28T17:10:32.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16260 (GCVE-0-2020-16260)
Vulnerability from nvd – Published: 2020-10-28 17:15 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:15:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16260",
"datePublished": "2020-10-28T17:15:56.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16259 (GCVE-0-2020-16259)
Vulnerability from nvd – Published: 2020-10-28 17:20 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:20:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16259",
"datePublished": "2020-10-28T17:20:04.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16258 (GCVE-0-2020-16258)
Vulnerability from nvd – Published: 2020-10-28 17:18 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:18:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16258",
"datePublished": "2020-10-28T17:18:03.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16256 (GCVE-0-2020-16256)
Vulnerability from nvd – Published: 2020-10-28 17:07 – Updated: 2024-08-04 13:37
VLAI
Summary
The API on Winston 1.5.4 devices is vulnerable to CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The API on Winston 1.5.4 devices is vulnerable to CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:07:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The API on Winston 1.5.4 devices is vulnerable to CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16256",
"datePublished": "2020-10-28T17:07:40.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16257 (GCVE-0-2020-16257)
Vulnerability from nvd – Published: 2020-10-28 17:02 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices are vulnerable to command injection via the API.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices are vulnerable to command injection via the API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:02:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices are vulnerable to command injection via the API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16257",
"datePublished": "2020-10-28T17:02:13.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16259 (GCVE-0-2020-16259)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:20 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:20:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16259",
"datePublished": "2020-10-28T17:20:04.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16258 (GCVE-0-2020-16258)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:18 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:18:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16258",
"datePublished": "2020-10-28T17:18:03.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16260 (GCVE-0-2020-16260)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:15 – Updated: 2024-08-04 13:37
VLAI
Summary
Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:15:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16260",
"datePublished": "2020-10-28T17:15:56.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16263 (GCVE-0-2020-16263)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:13 – Updated: 2024-08-04 13:37
Summary
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:13:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16263",
"datePublished": "2020-10-28T17:13:58.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16262 (GCVE-0-2020-16262)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:12 – Updated: 2024-08-04 13:37
Summary
Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:12:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16262",
"datePublished": "2020-10-28T17:12:13.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16261 (GCVE-0-2020-16261)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:10 – Updated: 2024-08-04 13:37
Summary
Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:10:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16261",
"datePublished": "2020-10-28T17:10:32.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16256 (GCVE-0-2020-16256)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:07 – Updated: 2024-08-04 13:37
Summary
The API on Winston 1.5.4 devices is vulnerable to CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The API on Winston 1.5.4 devices is vulnerable to CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:07:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The API on Winston 1.5.4 devices is vulnerable to CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16256",
"datePublished": "2020-10-28T17:07:40.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16257 (GCVE-0-2020-16257)
Vulnerability from cvelistv5 – Published: 2020-10-28 17:02 – Updated: 2024-08-04 13:37
Summary
Winston 1.5.4 devices are vulnerable to command injection via the API.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://winstonprivacy.com/ | x_refsource_MISC |
| https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Winston 1.5.4 devices are vulnerable to command injection via the API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T17:02:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://winstonprivacy.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winston 1.5.4 devices are vulnerable to command injection via the API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://winstonprivacy.com/",
"refsource": "MISC",
"url": "https://winstonprivacy.com/"
},
{
"name": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16257",
"datePublished": "2020-10-28T17:02:13.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}