CVE-2022-47320
The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.
Source: CVE-2022-47320
CVE-2022-47311
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.
Source: CVE-2022-47311
CVE-2022-46738
The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.
Source: CVE-2022-46738
CVE-2023-2505
The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.
Source: CVE-2023-2505
CVE-2023-2504
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
Source: CVE-2023-2504
CVE-2022-4945
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user’s cloud.
Source: CVE-2022-4945
CVE-2023-31816
IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php.
Source: CVE-2023-31816
CVE-2023-25183
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.
Source: CVE-2023-25183
CVE-2023-28649
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.
Source: CVE-2023-28649
CVE-2023-29838
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.
Source: CVE-2023-29838