📦

web\'log_light

Vendor: meteocontrol

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 1 Remote Access

Total CVEs 6 Total Indexed

Avg. EPSS 49.98% Exploit Prob.

Latest CVE CVE-2016-2298 May 14

Security Vulnerability Index

Page 1 / 1

9.8 CVSS

CVE-2016-2298

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.

EPSS: 73.03%

Severity: CRITICAL

May 14, 2016

9.4 CVSS

CVE-2016-2297

RCE

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."

EPSS: 1.59%

Severity: CRITICAL

May 14, 2016

9.4 CVSS

CVE-2016-2296

Exploit Found

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

EPSS: 75.31%

Severity: CRITICAL

May 14, 2016

Displaying 3 of 6 Total Entries

Total 1 Sections