45 matches found
CVE-2022-47911
Sewio RTLS Studio (versions 2.0.0–2.6.2) is affected by CVE-2022-47911 due to improper validation of the input module name for backup services, which could allow a remote attacker to access sensitive functions and execute arbitrary system commands. That vulnerability is one of several exposed in ...
CVE-2022-47911 CVE-2022-47911
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...
CVE-2022-47395 CVE-2022-47395
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its monitor services. An attacker could take advantage of this vulnerability to execute arbitrary maintenance operations and cause a denial-of-service...
CVE-2022-47395
Sewio RTLS Studio vulnerable to CSRF in monitor services (versions 2.0.0–2.6.2). The issue allows an attacker to perform arbitrary maintenance operations, potentially triggering a denial-of-service. CVSS 3.1 base score 8.1 (CON: None, I/H; A/H) per NVD/CISA metrics; attack vector network, user in...
CVE-2022-46733 CVE-2022-46733
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site scripting in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary commands...
CVE-2022-46733
Sewio RTLS Studio, versions 2.0.0 through 2.6.2, are vulnerable to cross-site scripting in the backup services. The issue stems from improper handling of backup data, enabling an attacker to execute arbitrary commands. Practical impact is arbitrary command execution via the backup functionality. ...
CVE-2022-45444
Sewio RTLS Studio
CVE-2022-45444 CVE-2022-45444
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access...
CVE-2022-45127 CVE-2022-45127
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to cross-site request forgery in its backup services. An attacker could take advantage of this vulnerability to execute arbitrary backup operations and cause a denial-of-service condition...
CVE-2022-45127
CVE-2022-45127 affects Sewio’s RTLS Studio, version 2.0.0 through 2.6.2. The vulnerability is a cross-site request forgery (CSRF) in the backup services, enabling an attacker to trigger arbitrary backup operations and cause a denial-of-service condition. The issue is documented across multiple so...
CVE-2022-43483
Sewio RTLS Studio 2.0.0–2.6.2 is vulnerable due to improper input validation of the module name in monitor services, enabling OS command execution. CVE-2022-43483 (OS command injection) is among several vulnerabilities in the same family affecting RTLS Studio 2.0.0–2.6.2, including CVEs 47911, 45...
CVE-2022-43483 CVE-2022-43483
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...
CVE-2022-43455
Sewio RTLS Studio versions 2.0.0–2.6.2 are affected by improper input validation in the service_start, service_stop, and service_restart modules, enabling an attacker to start, stop, or restart arbitrary services on the server. Affected products: RTLS Studio; root cause: input validation flaw in ...
CVE-2022-43455 CVE-2022-43455
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the servicestart, servicestop, and servicerestart modules of the software. This could allow an attacker to start, stop, or restart arbitrary...
CVE-2022-41989 CVE-2022-41989
Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 does not validate the length of RTLS report payloads during communication. This allows an attacker to send an exceedingly long payload, resulting in an out-of-bounds write to cause a denial-of-service...
Sewio Real-Time Location System (RTLS) Studio 缓冲区错误漏洞
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. A buffer error vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which stems from not validating the length of the RTLS report payload during communication...
PT-2023-14209 · Sewio · Sewio'S Real-Time Location System (Rtls) Studio
Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper input validation of user input to the service start, service stop, and service restart modules of the software. This coul...
Sewio Real-Time Location System (RTLS) Studio 输入验证错误漏洞
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. An input validation error vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which stems from susceptibility to incorrect input validation of user input to...
PT-2023-15527 · Sewio · Sewio'S Real-Time Location System (Rtls) Studio
Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete...
Sewio Real-Time Location System (RTLS) Studio 信任管理问题漏洞
Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. A security vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which originates from hard-coded passwords containing selected users in the application database...