Filtered by vendor Loxone Subscriptions
Filtered by product Miniserver Go Gen 2 Firmware Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-36622 1 Loxone 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware 2024-11-21 7.2 High
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.
CVE-2023-36623 1 Loxone 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware 2024-11-21 7.8 High
The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.
CVE-2023-36624 1 Loxone 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware 2024-11-21 7.8 High
Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.