Vulmon
mersive solstice firmware vulnerabilities and exploits
CVE-2020-35587 (CVSSv3 7.5)
In Solstice Pod prior to 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack ...
Mersive Solstice Firmware
1 GitHub repository
CVE-2017-12945 (CVSSv3 8.8)
Insufficient validation of user-supplied input for the Solstice Pod prior to 2.8.4 networking configuration enables authenticated malicious users to execute arbitrary commands as root.
Mersive Solstice Firmware
1 GitHub repository
CVE-2020-35584 (CVSSv3 5.9)
In Solstice Pod prior to 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web ser...
Mersive Solstice Pod Firmware
CVE-2020-27523 (CVSSv3 7.5)
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which lead...
Mersive Solstice Pod Firmware
CVE-2020-35586 (CVSSv3 7.5)
In Solstice Pod prior to 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase lett...
Mersive Solstice Pod Firmware
CVE-2020-35585 (CVSSv3 7.5)
In Solstice Pod prior to 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
Mersive Solstice Pod Firmware