CVE-2021-44793 HIGH

CVE-2021-44793: Information Leakege via Unauthorized Access in Single Connect

Vendor Kron
Product Single Connect
Weakness CWE-862 · Missing authorization
Published January 27, 2022
Last update May 18, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a remote attacker to obtain sensitive information including the database credentials. Since the database runs with high privileges it is possible to execute commands with the attained credentials.

Key dates

02Disclosure timeline

January 27, 2022 CVE published
May 18, 2026 Record updated