Lucene search
K

255 matches found

OSV
OSV
added 2024/06/06 1:15 p.m.3 views

CVE-2024-5684

An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...

8.8CVSS5.8AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/06 12:54 p.m.37 views

CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm

An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...

6.3CVSS6.5AI score0.00188EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.12 views

Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16787)

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

6.5CVSS6.5AI score0.06617EPSS
Exploits7References4
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.12 views

Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16786)

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via 1 the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or 2 vectors involving curl support of the file schema in the...

6.8CVSS6.7AI score0.02012EPSS
Exploits0References4
NVD
NVD
added 2024/01/29 2:15 p.m.14 views

CVE-2024-1015

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

9.8CVSS9.8AI score0.01446EPSS
Exploits0References2
OSV
OSV
added 2024/01/29 2:15 p.m.3 views

CVE-2024-1015

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

9.8CVSS5.9AI score0.01446EPSS
Exploits1References2
Prion
Prion
added 2024/01/29 2:15 p.m.18 views

Design/Logic Flaw

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

7.5CVSS7.6AI score0.01446EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/29 1:46 p.m.4 views

CVE-2024-1015 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

9.8CVSS9.8AI score0.01446EPSS
Exploits0References2
CVE
CVE
added 2024/01/29 1:46 p.m.55 views

CVE-2024-1015

CVE-2024-1015 describes a remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could execute commands from the operating system through the device’s web configuration interface. The CVSSv3.1 score is 9.8 (CRITICAL) with AV:N/AC:...

9.8CVSS9.6AI score0.01446EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/29 1:46 p.m.22 views

CVE-2024-1015 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

9.8CVSS9.9AI score0.01446EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.4 views

PT-2024-1441 · Se Elektronic Gmbh · E-Ddc3.3

Name of the Vulnerable Software and Affected Versions: SE-elektronic GmbH E-DDC3.3 versions 03.07.03 and higher Description: The issue is related to a remote command execution vulnerability in the web configuration functionality of the device, allowing an attacker to send different commands from...

9.8CVSS8.6AI score0.01446EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.5 views

SE-elektronic GmbH E-DDC Code Injection Vulnerability

The SE-elektronic GmbH E-DDC is a freely configurable building controller from SE-elektronic GmbH, Germany. A code injection vulnerability exists in SE-elektronic GmbH E-DDC version 3.3 03.07.03 and earlier, which originates from allowing an attacker to send different commands to the system from...

9.8CVSS7.5AI score0.01446EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.6 views

PT-2024-12512 · Solax · Solax Pocket Wifi

Name of the Vulnerable Software and Affected Versions: SolaX Pocket WiFi versions 3 through 3.001.02 Description: An issue was discovered where the device provides a WiFi access point with no network authentication, such as an encryption key, and this network persists permanently. The WiFi networ...

9.8CVSS9.3AI score0.00508EPSS
Exploits0References5
NVD
NVD
added 2023/12/29 10:15 a.m.32 views

CVE-2023-4462

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...

5.9CVSS0.0092EPSS
Exploits2References7
CVE
CVE
added 2023/12/29 9:31 a.m.80 views

CVE-2023-4462

CVE-2023-4462 affects Poly Trio/CCX/VVX devices (e.g., Trio 8300/8500/8800, C60, CCX 350/400/500/505/600/700, EDGE E100/E220/E300/E320/E350/E400/E450/E500/E550, VVX series 101/150/201/250/300/301/310/311/350/400/401/410/411/450/500/501/600/601). The issue resides in the Web Configuration Applicat...

5.9CVSS5AI score0.0092EPSS
Exploits2References7Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.8 views

PT-2023-29274 · Poly · Edge E220 +36

Name of the Vulnerable Software and Affected Versions: Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX...

5.9CVSS6.9AI score0.0092EPSS
Exploits2References12
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.7 views

Poly Trio Security Feature Issue Vulnerability

Poly Trio is a Trio series business conference phone from Poly USA. A security signature issue vulnerability exists in Poly CCX and Trio that stems from a security signature issue vulnerability in the component Web Configuration Application. Affected products and versions: Poly CCX version 400, C...

5.9CVSS6.8AI score0.0092EPSS
Exploits2References9
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.5 views

The vulnerability of the httpd.gwcfg.cgi function in the microprogramming software of industrial Wi-Fi routers like Yifan YF325 allows a hacker to execute arbitrary code.

The vulnerability of the httpd.gwcfg.cgi function in the microprogramming software for industrial Wi-Fi routers Yifan YF325 relates to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.3AI score0.01292EPSS
Exploits0References4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/08/02 5:55 a.m.2 views

SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)

Overview SEIKO EPSON printer Web Config contains a denial-of-service DoS vulnerability due to improper input validation CWE-20. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the...

7.8CVSS6.6AI score0.00644EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.23 views

Moxa IKS, EDS Out-of-Bounds Read (CVE-2019-6522)

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. This plugin only works with Tenable.ot. Please visit...

9.1CVSS8.4AI score0.02518EPSS
Exploits0References2
Rows per page
Query Builder