CVE-2025-40943
- EPSS 0.05%
- Veröffentlicht 10.03.2026 16:07:50
- Zuletzt bearbeitet 19.03.2026 16:16:00
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. ...
CVE-2024-46886
- EPSS 0.09%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 10.10.2024 12:56:30
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate ...
CVE-2024-46887
- EPSS 0.2%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 08.04.2025 21:15:46
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle t...