Moog

Exvp7c2-3 Firmware

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2020-24051

Exploit
  • EPSS 0.46%
  • Veröffentlicht 21.08.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:21

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. It was found that the authentication check for those ONVIF operations c...

9.1

CVE-2020-24052

Exploit
  • EPSS 1.42%
  • Veröffentlicht 21.08.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:21

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.

7.5

CVE-2020-24053

Exploit
  • EPSS 0.29%
  • Veröffentlicht 21.08.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:21

Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols.

10

CVE-2020-24054

Exploit
  • EPSS 0.63%
  • Veröffentlicht 21.08.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:14:21

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. One of the limitations of this feature is that it only...