CVE-2018-18881

A Denial of Service DOS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory rese...

CVE-2018-18882

A stored cross-site scripting XSS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface...

CVE-2018-18881

A Denial of Service DOS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory rese...

CVE-2018-18882

A stored cross-site scripting XSS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface...

CVE-2018-18881

A Denial of Service DOS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory rese...

Design/Logic Flaw

A Denial of Service DOS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory rese...

CVE-2018-18881

A Denial of Service DOS issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory rese...

CVE-2018-18881

CVE-2018-18881 affects ControlByWeb X-320M-I (firmware v1.05 and earlier). The issue is a Denial of Service caused by an authenticated user configuring invalid network settings, which stops TCP communications and requires a physical factory reset to recover. Red Hat and NVD entries corroborate th...

ControlByWeb X-320M

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ControlByWeb Equipment: X-320M Vulnerabilities: Improper Authentication, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution...