122 matches found
CVE-2025-24349
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to delete the configuration of physical network interfaces via a crafted HTTP request...
CVE-2025-24348
CVE-2025-24348 affects the web interface of ctrlX OS (Network Interfaces). A remote authenticated, low-privilege attacker can manipulate the wireless network configuration file using a crafted HTTP request. Exploitation status is not detailed in the provided docs; CVSS v3.1 base score is 5.4 (Med...
CVE-2025-24346
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...
CVE-2025-24346
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to manipulate the “/etc/environment” file via a crafted HTTP request...
CVE-2025-24345
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request...
CVE-2025-24345
CVE-2025-24345 affects ctrlX OS web application’s Hosts functionality. A remote authenticated (low-privileged) attacker can manipulate the hosts file via a crafted HTTP request, indicating improper input/authorization handling in the Hosts feature. CVSSv3.1 base score is 6.3 (MEDIUM) with network...
CVE-2025-24345
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request...
CVE-2025-24344
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...
CVE-2025-24344
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request...
CVE-2025-24343
CVE-2025-24343 affects ctrlX OS via the web app’s “Manages app data” function. The vulnerability allows a remote authenticated, low-privilege attacker to write arbitrary files to arbitrary filesystem paths through a crafted HTTP request. Several sources corroborate the same flaw, with no publicly...
CVE-2025-24343
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...
CVE-2025-24343
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request...
CVE-2025-24342
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...
CVE-2025-24342
CVE-2025-24342 affects the web-based login functionality of ctrlX OS. The root cause is an improper login process that enables remote, unauthenticated attackers to enumerate valid usernames by sending multiple crafted HTTP requests. This can facilitate targeted credential-guessing attempts agains...
CVE-2025-24342
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests...
CVE-2025-24340
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated low-privileged attacker to recover the plaintext passwords of other users...
CVE-2025-24338
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated lowprivileged attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests...
CVE-2025-24341
A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service DoS condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...
CVE-2025-24341
A vulnerability in the web application of ctrlX OS allows a remote authenticated low-privileged attacker to induce a Denial-of-Service DoS condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device...
CVE-2025-24341
The CVE-2025-24341 vulnerability affects the web application of ctrlX OS. A remote authenticated (low-privileged) attacker can induce a Denial-of-Service (DoS) on the device by sending multiple crafted HTTP requests, with the worst case requiring a full power cycle to regain control. According to...