Tbox Rm2 Firmware Security Vulnerabilities and Issues — Tbox Rm2 Firmware CVE List

Lucene search

OvarroTbox Rm2 Firmware

6 matches found

CVE•added 2022/07/28 3:15 p.m.•69 views

CVE-2021-22648

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.

9.8CVSS9.3AI score0.00083EPSS

CVE•added 2022/07/28 3:15 p.m.•60 views

CVE-2021-22646

The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.

9.8CVSS9.5AI score0.00181EPSS

CVE•added 2022/07/28 3:15 p.m.•58 views

CVE-2021-22640

An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.

9.8CVSS8.8AI score0.0009EPSS

CVE•added 2022/07/28 3:15 p.m.•54 views

CVE-2021-22650

An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.

9.8CVSS8.9AI score0.00254EPSS

CVE•added 2022/07/28 3:15 p.m.•53 views

CVE-2021-22642

An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.

7.5CVSS7.6AI score0.00074EPSS

CVE•added 2022/07/28 3:15 p.m.•52 views

CVE-2021-22644

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.

9.8CVSS8.7AI score0.0009EPSS