Roomwizard Firmware Security Vulnerabilities - November

CVE-2018-7055

GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.

CVE-2018-7056

RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.

CVE-2018-7057

RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.