43 matches found
CVE-2024-36441
Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device...
CVE-2024-36442
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system...
CVE-2024-36439
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...
CVE-2024-36445
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication...
CVE-2024-36440
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...
CVE-2024-36444
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs...
CVE-2024-36443
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP...
DiCal-RED 4009 Missing Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-036 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High Solution Status: Open...
DiCal-RED 4009 Log Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-040 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Status: Open Manufacturer Notification:...
CVE-2024-36441
Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device...
CVE-2024-36444
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs...
CVE-2024-36445
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication...
CVE-2024-36442
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system...
CVE-2024-36439
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password...
CVE-2024-36440
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used...
CVE-2024-36443
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP...
CVE-2024-36441
Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device...
CVE-2024-36445
CVE-2024-36445 affects Swissphone DiCal-RED 4009 devices, where an unauthenticated TELNET access path permits a remote attacker to obtain a root shell. The advisory and linked sources describe a missing-authentication vulnerability (CWE-306) in the DiCal-RED 4009 module, with the CVSSv3.1 vector ...
CVE-2024-36444
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs...
CVE-2024-36442
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system...