Lucene search
K
WutCom-server ++ Firmware

4 matches found

CVE
CVE
added 2022/11/10 11:1 a.m.68 views

CVE-2022-42785

CVE-2022-42785 affects Wiesemann & Theis ComServer Series (serial device servers). The authenticated bypass allows an unauthenticated remote attacker to log in without a password by crafting a modified HTTP GET request. The vulnerability is documented across multiple sources (NVD, CVE list, Nessu...

9.8CVSS9.7AI score0.01001EPSS
CVE
CVE
added 2022/12/13 7:26 a.m.64 views

CVE-2022-4098

CVE-2022-4098 affects Wiesemann & Theis ComServer Series. The issue is an authentication bypass via IP spoofing: after a user logs in to the WBM, an unauthenticated attacker on the same subnet can obtain the session ID and, by crafting modified HTTP GET requests, change settings, potentially taki...

8CVSS8.1AI score0.00337EPSS
CVE
CVE
added 2022/11/10 11:6 a.m.56 views

CVE-2022-42787

Wiesemann & Theis Comserver Series (W&T Comserver) is affected by CVE-2022-42787 due to using a small number space for session IDs. After a user logs in, an unauthenticated remote attacker can brute-force a valid session ID to gain access to the user’s account on the device. User interaction is r...

8.8CVSS8.7AI score0.00734EPSS
CVE
CVE
added 2022/11/10 11:2 a.m.55 views

CVE-2022-42786

CVE-2022-42786 concerns the Wiesemann & Theis ComServer Series web interface. The vulnerability is an XSS flaw in the configuration webpage title, allowing an authenticated remote attacker to inject and execute arbitrary web scripts/HTML. The root cause is described in a few sources as an imprope...

5.4CVSS5.5AI score0.00429EPSS