Nexo-os Security Vulnerabilities and Issues — Nexo-os CVE List

Lucene search

BoschNexo-os

5 matches found

CVE•added 2024/01/10 1:15 p.m.•50 views

CVE-2023-48252

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.

8.8CVSS8.4AI score0.0068EPSS

CVE•added 2024/01/10 1:15 p.m.•33 views

CVE-2023-48257

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...

8.8CVSS8.8AI score0.00638EPSS

CVE•added 2024/01/10 1:15 p.m.•32 views

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accoun...

8.8CVSS8.3AI score0.00809EPSS

CVE•added 2024/01/10 11:15 a.m.•26 views

CVE-2023-48243

The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.

8.8CVSS8.7AI score0.02069EPSS

CVE•added 2024/01/10 1:15 p.m.•26 views

CVE-2023-48258

The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTPrequest through a victim’s session.

8.1CVSS7.8AI score0.00443EPSS