8 matches found
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
NOVUS Automation AirGate 4G firmware 安全漏洞
NOVUS Automation AirGate 4G firmware is an industrial IoT gateway firmware system developed by NOVUS Automation in Brazil. Version 1.1.16 of NOVUS Automation AirGate 4G firmware contains a security vulnerability. This vulnerability stems from improper endpoint access control in the /uci/get/...
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
PT-2026-41704
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
CVE-2023-24215
Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request...
CVE-2023-24215
CVE-2023-24215 concerns the NOVUS AirGate 4G firmware v1.1.16, where an incorrect access control on the /uci/get/ endpoint allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. The CVSS3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base score ...
CVE-2025-70329
TOTOLink X5000R v9.1.0cu2415B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 and other vlanVidLanX parameters are retrieved via UciGetStr and passed to the CsteSystem function without adequate validation or...