Miniserver Go Gen 2@* Security Vulnerabilities and Issues — Miniserver Go Gen 2@* CVE List

Lucene search

LoxoneMiniserver Go Gen 2*

3 matches found

CVE•added 2023/07/05 8:15 p.m.•2472 views

CVE-2023-36622

The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.

7.2CVSS6.8AI score0.00271EPSS

CVE•added 2023/07/05 8:15 p.m.•25 views

CVE-2023-36624

Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.

7.8CVSS7.8AI score0.00085EPSS

CVE•added 2023/07/05 8:15 p.m.•24 views

CVE-2023-36623

The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.

7.8CVSS7.7AI score0.00029EPSS