Ak-em100 Firmware Security Vulnerabilities and Issues — Ak-em100 Firmware CVE List | Vulners.com

Lucene search

K

DanfossAk-em100 Firmware

7 matches found

CVE•added 2023/06/11 2:15 p.m.•33 views

CVE-2023-25911

The Danfoss AK-EM100 web applications allow for an authenticated user to perform OS command injection through the web application parameters.

9.9CVSS9.8AI score0.00689EPSS

CVE•added 2023/06/11 2:15 p.m.•30 views

CVE-2023-22585

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.

9CVSS6.4AI score0.00105EPSS

CVE•added 2023/06/11 2:15 p.m.•30 views

CVE-2023-22586

The Danfoss AK-EM100 web applications allow for Local File Inclusion in the file parameter.

7.7CVSS7.6AI score0.00096EPSS

CVE•added 2023/06/11 2:15 p.m.•29 views

CVE-2023-22582

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

9CVSS6.7AI score0.00105EPSS

CVE•added 2023/06/11 2:15 p.m.•28 views

CVE-2023-22583

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.

10CVSS10AI score0.00073EPSS

CVE•added 2023/06/11 2:15 p.m.•28 views

CVE-2023-22584

The Danfoss AK-EM100 stores login credentials in cleartext.

7.5CVSS7.6AI score0.00047EPSS

CVE•added 2023/06/11 2:15 p.m.•26 views

CVE-2023-25912

The webreport generation feature in the Danfoss AK-EM100 allows an unauthorized actor to generate a web report that discloses sensitive information such as the internal IP address, usernames and internal device values.

5.3CVSS5.1AI score0.00098EPSS