66 matches found
CVE-2026-21718
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system...
EUVD-2026-8947
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system...
CVE-2026-25085
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass...
CVE-2026-21718
An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system...
CVE-2026-20797 Copeland XWEB and XWEB Pro Stack-based Buffer Overflow
A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program...
CVE-2026-22877 Copeland XWEB and XWEB Pro Path Traversal
An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack...
CVE-2026-22877
CVE-2026-22877 affects XWEB Pro 1.12.1 and earlier. The Red Hat, NVD, and CVE records describe an unauthenticated arbitrary file-read vulnerability that could allow attackers to read arbitrary files and potentially trigger a denial-of-service. The exploitation status, affected versions beyond 1.1...
CVE-2026-25037
CVE-2026-25037 affects Copeland/ XWEB Pro software, with OS command injection in XWEB Pro 1.12.1 and earlier. The vulnerability arises when a specially crafted LCD state is processed during system setup, allowing an authenticated attacker to achieve remote code execution on the affected system. P...
CVE-2026-25037 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution...
CVE-2026-25196 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
CVE-2026-25196
CVE-2026-25196 is an OS command injection affecting XWEB Pro before 1.12.1. An authenticated attacker can achieve remote code execution by supplying malicious input in the Wi‑Fi SSID and/or password fields during configuration processing. Multiple sources (Red Hat, NVD, EUVD, CVE records) describ...
CVE-2026-25196 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
CVE-2026-20764 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote...
CVE-2026-25721 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route...
CVE-2026-25721
CVE-2026-25721 affects XWEB Pro ≤ 1.12.1. An authenticated user can exploit OS command injection via the restore action in API V1 by injecting input into the server username and/or password fields, enabling remote code execution. Red Hat and ENISA references corroborate the weakness. Remediation ...
CVE-2026-23702 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...
CVE-2026-23702
CVE-2026-23702 affects XWEB Pro (v1.12.1 and earlier). AOS command injection in the API V1 route’s import preconfiguration action allows an authenticated attacker to achieve remote code execution by sending crafted input in the server username field. Impact is high (remote code execution, post-au...
CVE-2026-23702 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route...
CVE-2026-24452 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route...
CVE-2026-24452
CVE-2026-24452 describes an OS command injection in XWEB Pro ≤ 1.12.1. An authenticated attacker can achieve remote code execution by supplying a crafted template file to the /devices route. The vulnerability is documented across multiple sources (NVD, Red Hat, EUVD/ENISA, CVE list) with consiste...