Tbox Lt2-532 Firmware Security Vulnerabilities
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
9.8CVSS
9.5AI Score
0.002EPSS
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
7.5CVSS
7.4AI Score
0.001EPSS
Ovarro TBox TWinSoft uses the custom hardcoded user βTWinSoftβ with a hardcoded key.
9.8CVSS
9.3AI Score
0.002EPSS
The βipkβ package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
9.8CVSS
9.5AI Score
0.002EPSS
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
9.8CVSS
9.3AI Score
0.002EPSS
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.
9.8CVSS
9.5AI Score
0.005EPSS