19 matches found
CVE-2025-3497
The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...
CVE-2025-3497
The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...
CVE-2025-3499 Unauthenticated execution of arbitrary commands in Radiflow iSAP Smart Collector
The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. Exploiting OS command injection through these APIs, an attacker can send arbitrary commands that are executed with administrative permissions by the underlying operating system...
CVE-2025-3498
CVE-2025-3498 affects Radiflow iSAP Smart Collector (CentOS 7 – VSAP 1.20). Two web servers expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An unauthenticated user with management-network access can retrieve and modify all system settings, modify configuratio...
CVE-2025-3498 Unauthenticated modification of Radiflow iSAP Smart Collector configuration
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...
CVE-2025-3497 Radiflow iSAP Smart Collector Linux distribution unmaintained
The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...
CVE-2025-27028 Read access of deprivileged Radiflow iSAP Smart Collector user
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 can read the entire file system content, including files belonging to other users and having restricted access like, for example, the root password hash...
CVE-2025-27027 Restricted shell evasion in Radiflow iSAP Smart Collector
A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions...
CVE-2025-27027
CVE-2025-27027 concerns Radiflow iSAP Smart Collector. Multiple connected sources describe a scenario where a user with vpuser credentials who opens an SSH connection can escape rbash restrictions and obtain a full-featured Linux shell. The root cause, as stated in PT-2025-28859, involves bypassi...
CVE-2025-27027 Restricted shell evasion in Radiflow iSAP Smart Collector
A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions...
PT-2025-28859 · Radiflow · Radiflow Isap Smart Collector
Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector version 1.20 Description: The issue allows a user with vpuser credentials to bypass restricted shell rbash limitations and access a full-featured Linux shell when connecting to the device via SSH. This is possibl...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in Radiflow iSAP Smart Collector that stems from an outdated underlying Linux distribution, which could result in an unmitigate...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that stems from an OS command injection in an unauthenticated REST API on the management...
PT-2025-28864 · Radiflow · Radiflow Isap Smart Collector
Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 Description: An unauthenticated user with management network access can access and modify the configuration of the Radiflow iSAP Smart Collector. The device has two web servers that expose...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding device designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that originates from a vpuser user being able to read the entire file system contents,...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that originates from an unauthenticated REST API on the management network and could lead ...
PT-2025-28861 · Red Hat +1 · Centos 7 +1
Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 Description: The Linux distribution underlying the Radiflow iSAP Smart Collector is obsolete and has reached end of life, posing a cybersecurity risk. Any unmitigated vulnerability could be...
PT-2025-28860 · Radiflow · Isap Smart Collector
Name of the Vulnerable Software and Affected Versions: Radiflow iSAP Smart Collector version 1.20 Description: The issue allows a deprivileged Linux user to read the entire file system content, including files belonging to other users and having restricted access, such as the root password hash...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that stems from bypassing the rbash restriction and could lead to obtaining the full Linux...