19 matches found
CVE-2020-24052
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...
CVE-2020-24053
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
EUVD-2020-16787
Malware in sbrugna...
EUVD-2020-16789
Malware in sbrugna...
EUVD-2020-16790
Malware in sbrugna...
CVE-2020-24053
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
CVE-2020-24051
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issu...
CVE-2020-24052
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...
Authentication flaw
The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issu...
Hardcoded credentials
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
Command injection
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments;...
Xxe
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...
CVE-2020-24054
The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments;...
CVE-2020-24054
The CVE-2020-24054 issue affects Moog EXO Series EXVF5C-2 and EXVP7C2-3 administration consoles. The vulnerability arises from a privileged “statusbroadcast” feature that can spawn a specified binary repeatedly at set intervals as root. Although the feature accepts only a binary path without argu...
CVE-2020-24053
Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
CVE-2020-24053
The CVE-2020-24053 entry concerns Moog EXO Series devices EXVF5C-2 and EXVP7C2-3 with hardcoded credentials that could expose confidentiality when using FTP, Telnet, or SSH. Root cause is a hardcoded credential vulnerability. Connected sources confirm the affected models and access vectors but do...
CVE-2020-24052
CVE-2020-24052 concerns the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units. The vulnerability is an XML External Entity (XXE) issue where a crafted DTD in an XML request enables remote unauthenticated attackers to read arbitrary files on the device. Public references in the initial data corroborate...
CVE-2020-24052
Several XML External Entity XXE vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition DTD in an XML request...
CVE-2020-24051
The CVE-2020-24051 entry affects Moog EXO Series EXVF5C-2 and EXVP7C2-3 units. The ONVIF authentication for certain operations can be bypassed, allowing an attacker to perform privileged actions without authentication, such as creating a new Administrator user. NVD notes a high/critical impact (C...