Search Results (120753 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1140 1 Deltaww 1 Infrasuite Device Master 2025-01-16 9.8 Critical
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator.
CVE-2023-1145 1 Deltaww 1 Infrasuite Device Master 2025-01-16 7.8 High
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1399 1 Keysight 2 N6854a, N6854a Firmware 2025-01-16 7.8 High
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution.
CVE-2023-1748 1 Getnexx 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more 2025-01-16 9.3 Critical
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.
CVE-2023-2131 1 Inea 2 Me Rtu, Me Rtu Firmware 2025-01-16 10 Critical
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1966 1 Illumina 22 Iscan, Iscan Firmware, Iseq 100 and 19 more 2025-01-16 7.4 High
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.
CVE-2023-1968 1 Illumina 22 Iscan, Iscan Firmware, Iseq 100 and 19 more 2025-01-16 10 Critical
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.
CVE-2023-32346 1 Teltonika 1 Remote Management System 2025-01-16 5.3 Medium
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System.
CVE-2023-32347 1 Teltonika 1 Remote Management System 2025-01-16 8.1 High
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.
CVE-2023-32348 1 Teltonika 1 Remote Management System 2025-01-16 5.8 Medium
Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.
CVE-2023-2586 1 Teltonika 1 Remote Management System 2025-01-16 9 Critical
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).
CVE-2023-2587 1 Teltonika 1 Remote Management System 2025-01-16 7.5 High
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.
CVE-2023-2588 1 Teltonika 1 Remote Management System 2025-01-16 8.8 High
Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication . An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device.
CVE-2023-31240 1 Snapone 1 Orvc 2025-01-16 8.3 High
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
CVE-2022-46658 1 Dataprobe 44 Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware, Iboot-pdu4-n20 and 41 more 2025-01-16 6.5 Medium
The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.
CVE-2023-42769 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2025-01-16 9.8 Critical
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
CVE-2023-5754 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 9.1 Critical
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
CVE-2023-46662 1 Sielco 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more 2025-01-16 7.5 High
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
CVE-2023-5777 1 Weintek 1 Easybuilder Pro 2025-01-16 9.8 Critical
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
CVE-2023-39435 1 Zavio 22 B8220, B8220 Firmware, B8520 and 19 more 2025-01-16 8.8 High
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.