CVE-2025-40943
- EPSS 0.05%
- Veröffentlicht 10.03.2026 16:07:50
- Zuletzt bearbeitet 19.03.2026 16:16:00
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. ...
CVE-2025-30033
- EPSS 0.01%
- Veröffentlicht 12.08.2025 11:16:56
- Zuletzt bearbeitet 12.08.2025 14:25:33
The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component.
CVE-2023-37482
- EPSS 0.16%
- Veröffentlicht 11.02.2025 11:15:11
- Zuletzt bearbeitet 11.02.2025 11:15:11
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
CVE-2024-46886
- EPSS 0.09%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 10.10.2024 12:56:30
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate ...
CVE-2024-46887
- EPSS 0.2%
- Veröffentlicht 08.10.2024 09:15:16
- Zuletzt bearbeitet 08.04.2025 21:15:46
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle t...