5 matches found
CVE-2022-42786
Multiple W&T products of the ComServer Series are prone to an XSS attack. An authenticated remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage...
CVE-2022-42787
Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute-force the user's session ID and get access to his account on the device. As the user needs to log in for the attack to be...
CVE-2022-42787
Wiesemann & Theis Comserver Series (W&T Comserver) is affected by CVE-2022-42787 due to using a small number space for session IDs. After a user logs in, an unauthenticated remote attacker can brute-force a valid session ID to gain access to the user’s account on the device. User interaction is r...
CVE-2022-42786
CVE-2022-42786 concerns the Wiesemann & Theis ComServer Series web interface. The vulnerability is an XSS flaw in the configuration webpage title, allowing an authenticated remote attacker to inject and execute arbitrary web scripts/HTML. The root cause is described in a few sources as an imprope...
CVE-2022-42785
CVE-2022-42785 affects Wiesemann & Theis ComServer Series (serial device servers). The authentication bypass allows an unauthenticated remote attacker to log in without a password by crafting a modified HTTP GET request. The vulnerability is documented across multiple sources (NVD, CVE list, Nessu...