V-Zug Combi-Steam MSLQ Memory Corruption Vulnerability

The V-Zug Combi-Steam MSLQ is an all-in-one microwave, oven, and steam machine unit from Swiss Swiss V-Zug. A security vulnerability exists in the V-Zug Combi-Steam MSLQ using firmware versions prior to Ethernet R07 and firmware versions prior to WLAN R05. An attacker could exploit the...

V-Zug Combi-Steam MSLQ Cross-Site Request Forgery Vulnerability

The V-Zug Combi-Steam MSLQ is an all-in-one microwave, oven, and steam machine unit from Swiss Swiss V-Zug. A cross-site request forgery vulnerability exists in the V-Zug Combi-Steam MSLQ using firmware versions prior to Ethernet R07 and firmware versions prior to WLAN R05. The vulnerability stem...

V-Zug Combi-Steam MSLQ Authorization Issues Vulnerability

The V-Zug Combi-Steam MSLQ is an all-in-one microwave, oven, and steam machine unit from Swiss Swiss V-Zug. An authorization issue vulnerability exists in the V-Zug Combi-Steam MSLQ using firmware versions prior to Ethernet R07 and firmware versions prior to WLAN R05. The vulnerability stems from...

CVE-2019-17217

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no CSRF protection established on the web service...

CVE-2019-17219

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control...

CVE-2019-17216

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort...

Code injection

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection e.g., lockout established. An attacker might be able to bruteforce the password to authenticate on the device...