4 matches found
CVE-2022-42785
CVE-2022-42785 affects Wiesemann & Theis ComServer Series (serial device servers). The authenticated bypass allows an unauthenticated remote attacker to log in without a password by crafting a modified HTTP GET request. The vulnerability is documented across multiple sources (NVD, CVE list, Nessu...
CVE-2022-4098
CVE-2022-4098 affects Wiesemann & Theis ComServer Series. The issue is an authentication bypass via IP spoofing: after a user logs in to the WBM, an unauthenticated attacker on the same subnet can obtain the session ID and, by crafting modified HTTP GET requests, change settings, potentially taki...
CVE-2022-42787
Wiesemann & Theis Comserver Series (W&T Comserver) is affected by CVE-2022-42787 due to using a small number space for session IDs. After a user logs in, an unauthenticated remote attacker can brute-force a valid session ID to gain access to the user’s account on the device. User interaction is r...
CVE-2022-42786
CVE-2022-42786 concerns the Wiesemann & Theis ComServer Series web interface. The vulnerability is an XSS flaw in the configuration webpage title, allowing an authenticated remote attacker to inject and execute arbitrary web scripts/HTML. The root cause is described in a few sources as an imprope...