255 matches found
CVE-2024-5684
An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...
CVE-2024-5684 ID Charger Connect & Pro - JWT-Null-Algorithm
An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...
Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16787)
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Meinberg Multiple Vulnerabilities in LANTIME Products (CVE-2017-16786)
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via 1 the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or 2 vectors involving curl support of the file schema in the...
CVE-2024-1015
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...
CVE-2024-1015
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...
Design/Logic Flaw
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...
CVE-2024-1015 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...
CVE-2024-1015
CVE-2024-1015 describes a remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could execute commands from the operating system through the device’s web configuration interface. The CVSSv3.1 score is 9.8 (CRITICAL) with AV:N/AC:...
CVE-2024-1015 Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...
PT-2024-1441 · Se Elektronic Gmbh · E-Ddc3.3
Name of the Vulnerable Software and Affected Versions: SE-elektronic GmbH E-DDC3.3 versions 03.07.03 and higher Description: The issue is related to a remote command execution vulnerability in the web configuration functionality of the device, allowing an attacker to send different commands from...
SE-elektronic GmbH E-DDC Code Injection Vulnerability
The SE-elektronic GmbH E-DDC is a freely configurable building controller from SE-elektronic GmbH, Germany. A code injection vulnerability exists in SE-elektronic GmbH E-DDC version 3.3 03.07.03 and earlier, which originates from allowing an attacker to send different commands to the system from...
PT-2024-12512 · Solax · Solax Pocket Wifi
Name of the Vulnerable Software and Affected Versions: SolaX Pocket WiFi versions 3 through 3.001.02 Description: An issue was discovered where the device provides a WiFi access point with no network authentication, such as an encryption key, and this network persists permanently. The WiFi networ...
CVE-2023-4462
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250,...
CVE-2023-4462
CVE-2023-4462 affects Poly Trio/CCX/VVX devices (e.g., Trio 8300/8500/8800, C60, CCX 350/400/500/505/600/700, EDGE E100/E220/E300/E320/E350/E400/E450/E500/E550, VVX series 101/150/201/250/300/301/310/311/350/400/401/410/411/450/500/501/600/601). The issue resides in the Web Configuration Applicat...
PT-2023-29274 · Poly · Edge E220 +36
Name of the Vulnerable Software and Affected Versions: Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX...
Poly Trio Security Feature Issue Vulnerability
Poly Trio is a Trio series business conference phone from Poly USA. A security signature issue vulnerability exists in Poly CCX and Trio that stems from a security signature issue vulnerability in the component Web Configuration Application. Affected products and versions: Poly CCX version 400, C...
The vulnerability of the httpd.gwcfg.cgi function in the microprogramming software of industrial Wi-Fi routers like Yifan YF325 allows a hacker to execute arbitrary code.
The vulnerability of the httpd.gwcfg.cgi function in the microprogramming software for industrial Wi-Fi routers Yifan YF325 relates to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SEIKO EPSON printer Web Config vulnerable to denial-of-service (DoS)
Overview SEIKO EPSON printer Web Config contains a denial-of-service DoS vulnerability due to improper input validation CWE-20. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and SEIKO EPSON CORPORATION coordinated under the...
Moxa IKS, EDS Out-of-Bounds Read (CVE-2019-6522)
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. This plugin only works with Tenable.ot. Please visit...