Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cyberdanube.com vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-40005
Intelbras WiFiber 120AC inMesh prior to 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
Intelbras Wifiber 120ac Inmesh Firmware
8.8
CVSSv3
CVE-2022-40282
The web server of Hirschmann BAT-C2 prior to 09.13.01.00R04 allows authenticated command injection. This allows an authenticated malicious user to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. Th...
Belden Hirschmann Bat-c2 Firmware
8.8
CVSSv3
CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.
Advantech Eki-1521 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1524 Firmware
8.8
CVSSv3
CVE-2023-2575
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
Advantech Eki-1521 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1524 Firmware
9.1
CVSSv3
CVE-2023-5376
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
Korenix Jetnet 5310g Firmware 2.6
Korenix Jetnet 4508 Firmware 2.3
Korenix Jetnet 4508i-w Firmware 1.3
Korenix Jetnet 4508-w Firmware 2.3
Korenix Jetnet 4508if-s Firmware 1.3
Korenix Jetnet 4508if-m Firmware 1.3
Korenix Jetnet 4508if-sw Firmware 1.3
Korenix Jetnet 4508if-mw Firmware 1.3
Korenix Jetnet 4508f-m Firmware 2.3
Korenix Jetnet 4508f-s Firmware 2.3
Korenix Jetnet 4508f-mw Firmware 2.3
Korenix Jetnet 4508f-sw Firmware 2.3
Korenix Jetnet 5620g-4c Firmware 1.1
Korenix Jetnet 5612gp-4f Firmware 1.2
Korenix Jetnet 5612g-4f Firmware 1.2
Korenix Jetnet 5728g-24p-ac-2dc-us Firmware 2.1
Korenix Jetnet 5728g-24p-ac-2dc-eu Firmware 2.1
Korenix Jetnet 6528gf-2ac-eu Firmware 1.0
Korenix Jetnet 6528gf-2ac-us Firmware 1.0
Korenix Jetnet 6528gf-2dc24 Firmware 1.0
Korenix Jetnet 6528gf-2dc48 Firmware 1.0
Korenix Jetnet 6528gf-ac-eu Firmware 1.0
8.8
CVSSv3
CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
Advantech Eki-1521 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1524 Firmware
9.1
CVSSv3
CVE-2023-5347
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.
Korenix Jetnet 5310g Firmware 2.6
Korenix Jetnet 4508 Firmware 2.3
Korenix Jetnet 4508i-w Firmware 1.3
Korenix Jetnet 4508-w Firmware 2.3
Korenix Jetnet 4508if-s Firmware 1.3
Korenix Jetnet 4508if-m Firmware 1.3
Korenix Jetnet 4508if-sw Firmware 1.3
Korenix Jetnet 4508if-mw Firmware 1.3
Korenix Jetnet 4508f-m Firmware 2.3
Korenix Jetnet 4508f-s Firmware 2.3
Korenix Jetnet 4508f-mw Firmware 2.3
Korenix Jetnet 4508f-sw Firmware 2.3
Korenix Jetnet 5620g-4c Firmware 1.1
Korenix Jetnet 5612gp-4f Firmware 1.2
Korenix Jetnet 5612g-4f Firmware 1.2
Korenix Jetnet 5728g-24p-ac-2dc-us Firmware 2.1
Korenix Jetnet 5728g-24p-ac-2dc-eu Firmware 2.1
Korenix Jetnet 6528gf-2ac-eu Firmware 1.0
Korenix Jetnet 6528gf-2ac-us Firmware 1.0
Korenix Jetnet 6528gf-2dc24 Firmware 1.0
Korenix Jetnet 6528gf-2dc48 Firmware 1.0
Korenix Jetnet 6528gf-ac-eu Firmware 1.0
9.6
CVSSv3
CVE-2023-3526
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions before 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX before 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of th...
Phoenixcontact Cloud Client 1101t-tx Firmware
Phoenixcontact Tc Cloud Client 1002-4g Att Firmware
Phoenixcontact Tc Cloud Client 1002-4g Firmware
Phoenixcontact Tc Cloud Client 1002-4g Vzw Firmware
Phoenixcontact Tc Router 3002t-4g Att Firmware
Phoenixcontact Tc Router 3002t-4g Firmware
Phoenixcontact Tc Router 3002t-4g Vzw Firmware
4.9
CVSSv3
CVE-2023-3569
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions before 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX before 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
Phoenixcontact Cloud Client 1101t-tx Firmware
Phoenixcontact Tc Cloud Client 1002-4g Att Firmware
Phoenixcontact Tc Cloud Client 1002-4g Firmware
Phoenixcontact Tc Cloud Client 1002-4g Vzw Firmware
Phoenixcontact Tc Router 3002t-4g Att Firmware
Phoenixcontact Tc Router 3002t-4g Firmware
Phoenixcontact Tc Router 3002t-4g Vzw Firmware
5.4
CVSSv3
CVE-2023-4202
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
Advantech Eki-1524 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1521 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »