Snap One Wattbox 信任管理问题漏洞

The Snap One Wattbox is a series of power solutions developed by Snap One Corporation. The Snap One WattBox 800 and 820, versions prior to 2.10.0.0, had a trust management vulnerability. This vulnerability stemmed from the inclusion of undisclosed diagnostic HTTP endpoints, which could allow...

CVE-2023-25183

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device...

CVE-2023-31240

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...

CVE-2023-31245

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redire...

CVE-2023-31241

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright...

EUVD-2024-45182

Malicious code in bioql PyPI...

EUVD-2024-45181

Malicious code in bioql PyPI...

EUVD-2023-35560

Malicious code in bioql PyPI...

EUVD-2023-35555

Malicious code in bioql PyPI...

EUVD-2023-32108

Malicious code in bioql PyPI...

EUVD-2023-26478

Malicious code in bioql PyPI...

EUVD-2023-27682

Malicious code in bioql PyPI...

EUVD-2023-32082

Malicious code in bioql PyPI...

EUVD-2023-28084

Malicious code in bioql PyPI...

EUVD-2023-29147

Malicious code in bioql PyPI...

EUVD-2023-26552

Malicious code in bioql PyPI...

EUVD-2023-32310

Malicious code in bioql PyPI...

CVE-2024-50380

Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device...

CVE-2024-50381

A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a reque...

CVE-2023-24020

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login...