AVTECH Room Alert 3E Exposure of Resource to Wrong Sphere (CVE-2019-13379)

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in. This plugin only works...

AVTECH Room Alert Cleartext Transmission of Sensitive Information (CVE-2024-33471)

An individual with administrative access can change the mail server host within the device. An attacker who has obtained administrative access can update the mail server to an attacker controller IP. When the device attempts to authenticate to the mail server, it will pass the previously configur...

AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)

When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...

EUVD-2019-4875

Malware in sbrugna...

EUVD-2024-31208

Malicious code in bioql PyPI...

EUVD-2024-31209

Malicious code in bioql PyPI...

CVE-2019-13379

On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults=RA reset and using the default credentials to get in...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33471

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33471

AVTECH Room Alert 4E v4.4.0 is affected by a Sensor Settings vulnerability that allows an attacker to access SMTP credentials in plaintext via a crafted AJAX request. This affects devices no longer supported by the maintainer. CVSSv3.1: 7.2 (HIGH) with Network attack vector, low complexity, requi...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVE-2024-33470

The CVE-2024-33470 entry affects AVTECH Room Alert 4E v4.4.0, with a root cause in the SMTP Email Settings that can expose credentials in plaintext via a passback attack. The issue is documented across multiple sources (including PT-2024-25275) and is tied to products that are no longer supported...

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

PT-2024-25275 · Avtech · Avtech Room Alert 4E

Name of the Vulnerable Software and Affected Versions: AVTECH Room Alert 4E version 4.4.0 Description: An issue in the SMTP Email Settings allows attackers to gain access to credentials in plaintext via a passback attack. This issue only affects products that are no longer supported by the...

AVTECH Software Room Alert 4E 安全漏洞

AVTECH Software Room Alert 4E is an environmental monitoring device from AVTECH Software, Inc. A security vulnerability exists in AVTECH Software Room Alert 4E version v4.4.0, which originates from a vulnerability that allows an attacker to gain access to SMTP credentials in plaintext via a craft...

AVTECH Software Room Alert 4E 安全漏洞

AVTECH Software Room Alert 4E is an environmental monitoring device from AVTECH Software. A security vulnerability exists in AVTECH Software Room Alert 4E version v4.4.0, which originated from a vulnerability that allows an attacker to gain access to plaintext credentials via a pass-back attack...

PT-2024-25276 · Avtech · Avtech Room Alert 4E

Name of the Vulnerable Software and Affected Versions: AVTECH Room Alert 4E version 4.4.0 Description: An issue in the Sensor Settings allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request to an unspecified API endpoint. This issue only affects products that...