cashdro CVE 脆弱性と CVE 一覧(2)

製品(CPE): — CVE 件数: 2

cashdro 脆弱性概要

This page aggregates publicly disclosed CVE and security risk information related to cashdro, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

脆弱性分布の推移(直近24か月)

表示中 12 / 2 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-8077 Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escalate privileges and gain full administrative access. This vulnerability allows all restrictions to be bypassed and completely compromises system management. [email protected] 8.6 0.25% 2026-05-08 2026-06-17
CVE-2026-8076 Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This could allow an attacker to easily perform a brute-force attack against a user and gain access by trying different PINs without the account being locked. Successful exploitation of this vulnerability could re [email protected] 9.3 0.32% 2026-05-08 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence