Exvp7c2-3 Firmware Security Vulnerabilities and Issues — Exvp7c2-3 Firmware CVE List

Lucene search

MoogExvp7c2-3 Firmware

4 matches found

CVE•added 2020/08/21 3:15 p.m.•36 views

CVE-2020-24051

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations can be bypassed. An attacker can abuse this issue ...

10CVSS9.4AI score0.00461EPSS

CVE•added 2020/08/21 3:15 p.m.•33 views

CVE-2020-24054

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only takes a path to a binary without arguments; howe...

10CVSS9.7AI score0.00629EPSS

CVE•added 2020/08/21 3:15 p.m.•28 views

CVE-2020-24052

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.

9.1CVSS9AI score0.01419EPSS

CVE•added 2020/08/21 3:15 p.m.•26 views

CVE-2020-24053

Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.

7.5CVSS7.5AI score0.0029EPSS