CVE-2026-40852
- EPSS 0.37%
- Veröffentlicht 27.05.2026 08:06:36
- Zuletzt bearbeitet 27.05.2026 14:53:22
A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. Thi...
CVE-2026-40851
- EPSS 0.13%
- Veröffentlicht 27.05.2026 08:06:21
- Zuletzt bearbeitet 27.05.2026 14:53:22
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
CVE-2025-41681
- EPSS 0.28%
- Veröffentlicht 21.07.2025 09:31:25
- Zuletzt bearbeitet 06.11.2025 16:44:36
A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.
CVE-2025-41679
- EPSS 0.63%
- Veröffentlicht 21.07.2025 09:31:04
- Zuletzt bearbeitet 06.11.2025 16:44:44
An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.
CVE-2025-41678
- EPSS 0.59%
- Veröffentlicht 21.07.2025 09:30:44
- Zuletzt bearbeitet 06.11.2025 16:44:52
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.
CVE-2025-41677
- EPSS 0.56%
- Veröffentlicht 21.07.2025 09:30:28
- Zuletzt bearbeitet 06.11.2025 16:45:01
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.
CVE-2025-41676
- EPSS 0.53%
- Veröffentlicht 21.07.2025 09:30:07
- Zuletzt bearbeitet 06.11.2025 16:45:10
A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.
CVE-2025-41675
- EPSS 0.59%
- Veröffentlicht 21.07.2025 09:29:57
- Zuletzt bearbeitet 06.11.2025 16:45:17
A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.
CVE-2025-41674
- EPSS 0.59%
- Veröffentlicht 21.07.2025 09:29:43
- Zuletzt bearbeitet 06.11.2025 16:45:25
A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.
CVE-2025-41673
- EPSS 0.59%
- Veröffentlicht 21.07.2025 09:29:32
- Zuletzt bearbeitet 06.11.2025 16:45:33
A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.