14 matches found
CVE-2021-45420
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...
CVE-2021-45421
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...
Design/Logic Flaw
UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication...
Information disclosure
UNSUPPORTED WHEN ASSIGNED Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed ...
CVE-2021-45420
Emerson Dixell XWEB-500 devices are affected by an unauthenticated arbitrary file-write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. Exploitation allows writing arbitrary files to the target system, with potential denial of service and remote ...
CVE-2021-45420
Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...
CVE-2021-45421
Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A potential attacker can use this misconfiguration to access all the files in the remote directories. Note: the product has not been supported since 2018 and should be removed or replaced...
CVE-2021-45421
Summary (CVE-2021-45421): Emerson Dixell XWEB-500 products are affected by information disclosure via directory listing. A misconfiguration in the embedded web server allows an attacker to access files in remote directories. The affected device is described as no longer supported since 2018 and s...
PT-2022-7246 · Emerson · Emerson Dixell Xweb-500
Name of the Vulnerable Software and Affected Versions: Emerson Dixell XWEB-500 affected versions not specified Description: The issue is related to information disclosure via directory listing, allowing a potential attacker to access all files in remote directories. This is due to a...
Emerson Dixell XWEB-500 信息泄露漏洞
The Emerson Xweb-500 is a data logging and remote monitoring system based on Web server technology from Emerson Electric Company USA. An information disclosure vulnerability exists in the Emerson Dixell XWEB-500 that stems from the Emerson Dixell XWEB-500 product being affected by information...
Emerson Xweb-500 授权问题漏洞
Emerson Xweb-500 is a data logging and remote monitoring system based on Web server technology from Emerson Electric Company USA. An authorization issue vulnerability exists in Emerson Xweb-500 that arises from the Emerson Dixell XWEB-500 product being affected by /cgi-bin/logoextraupload.cgi,...
Dixell XWEB 500 - Arbitrary File Write Vulnerability
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
Dixell XWEB 500 Arbitrary File Write
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
Dixell XWEB 500 - Arbitrary File Write
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...