cvedb.io
CVE-2021-3325
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-01-27T19:15:13.983 · Last modified 2026-06-17T04:04:56.593

Summary

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.

Affected products

fibranet — monitorix

Does this affect you?

Add your gear to cvedb and we'll alert you only when fibranet ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.