
2376 matches found

Vulnrichment
added 2023/07/03 7:59 p.m. · 12 views

CVE-2023-36609

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...

CVSS 7.2 · AI score 6.6 · EPSS 0.00554
Exploits: 0 · References: 1
CVE
added 2023/07/03 7:59 p.m. · 39 views

CVE-2023-36609

CVE-2023-36609 affects Ovarro TBox RTUs where OpenVPN runs with root privileges and can execute user-defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script to the TBox host to gain root privileges. Mitigation from CISA/EU/NVD references: update ...

CVSS 7.2 · AI score 6.8 · EPSS 0.00554
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/07/03 7:59 p.m. · 26 views

CVE-2023-36609

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...

CVSS 7.2 · AI score 7.1 · EPSS 0.00554
Exploits: 0 · References: 1
CNNVD
added 2023/07/03 12:0 a.m. · 5 views

Ovarro TBox RTUs security vulnerability

Ovarro TBox RTUs is a modular remote monitoring and automation solution from Ovarro Germany. The Ovarro TBox RTUs suffers from a security vulnerability that originates from running OpenVPN with root privileges and the ability to run user-defined configuration scripts, which allows an attacker to...

CVSS 7.2 · AI score 7.1 · EPSS 0.00554
Exploits: 0 · References: 2
Positive Technologies
added 2023/07/03 12:0 a.m. · 6 views

PT-2023-25630 · Tbox Rtus +1 · Tbox Rtus +1

Name of the Vulnerable Software and Affected Versions: TBox RTUs affected versions not specified Description: The issue concerns TBox RTUs that run OpenVPN with root privileges and are capable of executing user-defined configuration scripts. An attacker can set up a local OpenVPN server and push ...

CVSS 7.2 · AI score 6.8 · EPSS 0.00554
Exploits: 0 · References: 3
ICS
added 2023/06/29 6:0 a.m. · 67 views

Ovarro TBox RTUs

1. EXECUTIVE SUMMARY: CVSS v3 7.2; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Ovarro; Equipment: TBox RTUs; Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy,...

CVSS 7.2 · AI score 7.3 · EPSS 0.00554
Exploits: 0 · References: 8
OSV
added 2023/06/13 4:15 p.m. · 2 views

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

CVSS 5.9 · AI score 5.8 · EPSS 0.00953
Exploits: 1 · References: 3
ATTACKERKB
added 2023/06/13 4:15 p.m. · 3 views

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

CVSS 5.9 · AI score 6.2 · EPSS 0.00953
Exploits: 1 · References: 4
NVD
added 2023/06/13 4:15 p.m. · 13 views

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

CVSS 5.9 · AI score 5.9 · EPSS 0.00953
Exploits: 1 · References: 3
Prion
added 2023/06/13 4:15 p.m. · 19 views

Authentication flaw

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

CVSS 2.6 · AI score 5.9 · EPSS 0.00953
Exploits: 1 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/06/13 12:0 a.m. · 9 views

CVE-2023-33621

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session replay...

AI score 7.2 · EPSS 0.00953
Exploits: 1 · References: 3
CVE
added 2023/06/13 12:0 a.m. · 43 views

CVE-2023-33621

CVE-2023-33621 concerns GL.iNET GL-AR750S-Ext firmware v3.215. The OpenVPN Server config file download issue causes the admin authentication token to be inserted into a GET request, leaving the token in browser history or access logs. This could allow a session-replay based bypass of authenticati...

CVSS 5.9 · AI score 5.9 · EPSS 0.00953
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/06/13 12:0 a.m. · 6 views

PT-2023-24408 · Gl.Inet · Gl-Ar750S-Ext

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR750S-Ext firmware version 3.215 Description: The issue concerns the insertion of the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. This token is then left in the browser history ...

CVSS 5.9 · AI score 5.8 · EPSS 0.00953
Exploits: 1 · References: 4
CNNVD
added 2023/06/13 12:0 a.m. · 4 views

GL.iNet GL-AR750S-Ext security vulnerability

The GL.iNet GL-AR750S-Ext is a wireless router from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet GL-AR750S-Ext version 3.215, which originates from the insertion of an administrator authentication token into a GET request when downloading the OpenVPN server...

CVSS 5.9 · AI score 6 · EPSS 0.00953
Exploits: 1 · References: 4
OSV
added 2023/05/22 4:15 p.m. · 4 views

CVE-2023-32348

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network VPN hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The...

CVSS 5.8 · AI score 6.5
Exploits: 0 · References: 1
NVD
added 2023/05/22 4:15 p.m. · 16 views

CVE-2023-32348

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network VPN hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The...

CVSS 5.8 · AI score 6.2 · EPSS 0.00526
Exploits: 0 · References: 1
Prion
added 2023/05/22 4:15 p.m. · 16 views

Cross site scripting

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network VPN hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The...

CVSS 5 · AI score 6.7 · EPSS 0.00526
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/05/22 3:2 p.m. · 7 views

CVE-2023-32348

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network VPN hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The...

CVSS 5.8 · AI score 7 · EPSS 0.00526
Exploits: 0 · References: 1
Cvelist
added 2023/05/22 3:2 p.m. · 23 views

CVE-2023-32348

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network VPN hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The...

CVSS 5.8 · AI score 5.9 · EPSS 0.00526
Exploits: 0 · References: 1
CVE
added 2023/05/22 3:2 p.m. · 40 views

CVE-2023-32348

CVE-2023-32348 affects Teltonika RMS (pre-4.10.0) and related RUT routers. The issue arises from the RMS VPN hub feature using OpenVPN, which allows new devices to communicate with all VPN-connected devices and enables routing through the OpenVPN server. This can let an attacker route traffic to ...

CVSS 5.8 · AI score 5.7 · EPSS 0.00526
Exploits: 0 · References: 1 · Affected Software: 1