Filtered by vendor Gira Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-10794 1 Gira 2 Tks-ip-gateway, Tks-ip-gateway Firmware 2024-08-04 9.8 Critical
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access.
CVE-2020-10795 1 Gira 2 Tks-ip-gateway, Tks-ip-gateway Firmware 2024-08-04 7.2 High
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access.
CVE-2023-33277 1 Gira 2 Knx Ip Router, Knx Ip Router Firmware 2024-08-02 7.5 High
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.
CVE-2023-33276 1 Gira 2 Knx Ip Router, Knx Ip Router Firmware 2024-08-02 6.1 Medium
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).
CVE-2023-2739 1 Gira 2 Gira Home Server, Gira Home Server Firmware 2024-08-02 4.3 Medium
A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27"><img%20src=x%20onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.