Filtered by vendor Loxone
Subscriptions
Filtered by product Miniserver Go Gen 2
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36622 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | 7.2 High |
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. | ||||
CVE-2023-36623 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | 7.8 High |
The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges. | ||||
CVE-2023-36624 | 1 Loxone | 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware | 2024-11-21 | 7.8 High |
Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement. |
Page 1 of 1.