EUVD-2023-35555

Malicious code in bioql PyPI...

EUVD-2024-45181

Malicious code in bioql PyPI...

CVE-2024-50381

A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a reque...

CVE-2023-28649

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but do...

Design/Logic Flaw

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation...

CVE-2023-25183

CVE-2023-25183 affects Snap One OvrC Pro prior to version 7.2. The vulnerability arises from a hidden/extra functionality accessible when logged in as the superuser, which could allow an attacker to execute arbitrary commands on the hub device. Multiple sources classify the impact as high, with p...

CVE-2023-25183

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device...

CVE-2023-31240

Summary: CVE-2023-31240 affects Snap One OvrC Pro, specifically versions prior to 7.2. The issue is a hard-coded-credentials based hidden superuser account, accessible via the local web server running on affected devices, potentially exposing control to the network and remote access. The Red Hat/...

CVE-2023-31240

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials...

CVE-2023-28386

CVE-2023-28386 affects Snap One OvrC Pro devices (7.2 and earlier). The root cause is improper firmware update validation: only the MD5 hash is checked, with no PKI-based firmware signature verification, enabling upload of arbitrary firmware and remote code execution. Public details in multiple s...

CVE-2023-28386

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...

CVE-2023-31193

CVE-2023-31193 concerns Snap One OvrC Pro prior to version 7.3, where firmware/programs are downloaded over HTTP instead of HTTPS. This weakens transport security and can enable exploitation affecting OvrC Pro devices. The public material specifies the vulnerability as a cleartext transmission is...

CVE-2023-31193

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation...

CVE-2023-31241

CVE-2023-31241 affects Snap One OvrC cloud services (OvrC Pro/Connect). The issue is an access-control route that lets an attacker bypass requirements and claim unclaimed devices by bypassing the serial-number check. Root cause: improper access controls/identity checks in the device-to-cloud inte...

CVE-2023-28412

The CVE-2023-28412 entry describes an information disclosure vulnerability in the Snap One OvrC cloud platform. When a random MAC address is supplied, the OvrC cloud servers enumerate the MAC and disclose device information, enabling an attacker to obtain data about devices connected to the cloud...

CVE-2023-28649

CVE-2023-28649 affects Snap One OvrC cloud platform hubs (OvrC Pro/Connect). A input-validation flaw lets an attacker impersonate a hub to send device-claim requests and bypass checks for devices already managed by another user, enabling potential unauthorized access and, per advisory context, po...

PT-2023-23261 · Snap One · Ovrc Pro

Name of the Vulnerable Software and Affected Versions: Snap One OvrC Pro versions prior to 7.2 Description: The issue concerns a locally running web server in Snap One OvrC Pro that is accessible from both the local network and remotely. Additionally, there is a hidden superuser account in OvrC...

Snap One OvrC Cloud 安全漏洞

Snap One OvrC is a free cloud-based remote management and monitoring platform from Snap One USA. The Snap One OvrC Cloud suffers from a security vulnerability that stems from the fact that the MAC address of a device can be enumerated in an attack, which can be exploited by an attacker to gain...

Snap One OvrC Cloud (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Snap One Equipment: OvrC Cloud, OvrC Pro Devices Vulnerabilities: Improper Input Validation, Observable Response Discrepancy, Improper Access Control, Cleartext Transmission of Sensitive Information,...

CVE-2023-23582

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely...