Rely-Pcie Firmware Security Vulnerabilities

CVE-2023-47573

An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.

CVE-2023-47574

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled.

CVE-2023-47575

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS.

CVE-2023-47576

An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface.

CVE-2023-47577

An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password.

CVE-2023-47578

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.

CVE-2023-47579

Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.