Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

mersive solstice firmware vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3

CVE-2020-35587

In Solstice Pod prior to 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack ...
Mersive Solstice Firmware
8.8
CVSSv3

CVE-2017-12945

Insufficient validation of user-supplied input for the Solstice Pod prior to 2.8.4 networking configuration enables authenticated malicious users to execute arbitrary commands as root.
Mersive Solstice Firmware
5.9
CVSSv3

CVE-2020-35584

In Solstice Pod prior to 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web ser...
Mersive Solstice Pod Firmware
7.5
CVSSv3

CVE-2020-27523

Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which lead...
Mersive Solstice Pod Firmware
7.5
CVSSv3

CVE-2020-35586

In Solstice Pod prior to 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase lett...
Mersive Solstice Pod Firmware
7.5
CVSSv3

CVE-2020-35585

In Solstice Pod prior to 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
Mersive Solstice Pod Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflowtype confusionserver-side request forgeryCVE-2024-38440CVE-2024-27801CVE-2024-5868CVE-2024-0582CVE-2024-37643CVE-2024-3105
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook