SATO CL4NX-J Improper Authentication (CVE-2023-5326)

A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The explo...

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

CVE-2026-26333 Calero VeraSMART < 2022 R1 .NET Remoting Arbitrary File Read Leading to ViewState RCE

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

EPSON Printers Improper Authentication (CVE-2022-36133)

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2025-66635

Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under References...

CVE-2025-64054

A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload=submit endpoint...

CVE-2025-64053

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload=submit endpoint...

EUVD-2025-201424

A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

CVE-2025-64054

A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

CVE-2025-64053

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

PT-2025-49254

A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

CVE-2025-64054

A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

CVE-2025-64054

Fanvil x210 devices running version 2.12.20 are affected by CVE-2025-64054, a reflected XSS vulnerability that can be triggered by a crafted POST to /cgi-bin/webconfig?page=upload&action=submit. The issue can lead to denial of service and potentially arbitrary command execution. Public or vendor-...

CVE-2025-64054

A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

CVE-2025-64053

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

CVE-2025-64053

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

PT-2025-49253

Name of the Vulnerable Software and Affected Versions Fanvil x210 version 2.12.20 Description A buffer overflow exists on Fanvil x210 devices. An attacker can send a crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint, potentially leading to a denial of service or...

CVE-2025-64053

CVE-2025-64053 affects Fanvil x210 on version 2.12.20. A buffer overflow in the /cgi-bin/webconfig?page=upload&action=submit endpoint can allow a crafted POST to cause denial of service or potentially execute arbitrary commands. Documented impact is high (CVSS 3.1: AV N, AC L, PR N, UI N, S U, C ...

CVE-2025-64310

EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack...

EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts

Overview EPSON WebConfig / Epson Web Control for SEIKO EPSON Projector Products provided by SEIKO EPSON CORPORATION contain the following vulnerability. Improper restriction of excessive authentication attempts CWE-307 - CVE-2025-64310 Vladislav Khegay and Aigerim Alibek of Astana IT University...