13 matches found
Welotec SmartEMS Web Application Path Traversal Vulnerability
Welotec SmartEMS Web Application is a web-based application with energy management and monitoring capabilities from Welotec, Germany. A path traversal vulnerability exists in the Welotec SmartEMS Web Application, which stems from insufficient validation of the upload endpoint and could lead to...
Welotec Multiple Products Security Vulnerability
Welotec EG400Mk2 series and Welotec EG500Mk2 series are a series of edge IoT computing gateways from Welotec, Germany. A security vulnerability exists in several Welotec products that stems from JWT keys hardcoded in the egOS WebGUI backend, which could lead to bypassing authentication and...
Welotec Industrial Routers OS Command Injection (CVE-2023-1082)
A remote attacker with low privileges can perform a command injection which can lead to root access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2024-3911 Welotec: Clickjacking Vulnerability in WebUI
An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames...
CVE-2024-3911 Welotec: Clickjacking Vulnerability in WebUI
An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames...
Welotec SMART EMS Security Vulnerability
Welotec SMART EMS is a solution for centralized management of distributed devices from Welotec. A security vulnerability exists in Welotec SMART EMS versions prior to 3.1.4 that stems from the presence of a clickjacking vulnerability that could trick a user into performing an unexpected action...
CVE-2023-1083 Welotec: improper access control in TK500v1 router series
An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates...
CVE-2023-1083 Welotec: improper access control in TK500v1 router series
An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates...
CVE-2023-1082 Welotec: Command injection vulnerability in TK500v1 router series
A remote attacker with low privileges can perform a command injection which can lead to root access...
PT-2024-11933 · Welotec · Tk515L +13
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with low privileges can perform a command injection, potentially leading to root access. Recommendations: At the moment, there is no...
Welotec TK500 Access Control Error Vulnerability
The Welotec TK500 is an industrial-grade 4G LTE router from Welotec. The Welotec TK500 suffers from an access control error vulnerability that originates from the fact that an unauthenticated, remote attacker who knows the name of the MQTT topic can send and receive messages, including GET/SET...
Welotec TK500 OS Command Injection Vulnerability
The Welotec TK500 is an industrial-grade 4G LTE router from Welotec. The Welotec TK500 suffers from an operating system command injection vulnerability that allows a remote attacker with low privileges to perform command injection and gain root access...