- EPSS 0.28%
- Published 05.03.2024 12:15:47
- Last modified 10.04.2025 20:36:09
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary f...
CVE-2023-45598
- EPSS 0.21%
- Published 05.03.2024 12:15:47
- Last modified 10.04.2025 19:17:40
A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below versio...
CVE-2023-45599
- EPSS 0.24%
- Published 05.03.2024 12:15:47
- Last modified 03.03.2025 19:36:13
A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue af...
CVE-2023-45600
- EPSS 0.12%
- Published 05.03.2024 12:15:47
- Last modified 23.04.2025 17:29:47
A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx6...
CVE-2023-5457
- EPSS 0.13%
- Published 05.03.2024 12:15:47
- Last modified 09.04.2025 20:34:52
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical in...
CVE-2023-45592
- EPSS 0.26%
- Published 05.03.2024 12:15:46
- Last modified 10.04.2025 20:50:53
A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against...
CVE-2023-45593
- EPSS 0.11%
- Published 05.03.2024 12:15:46
- Last modified 10.04.2025 20:24:58
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “http://localhost”) allows a physical attacker to read arbitrary files on the file system, alte...
CVE-2023-45594
- EPSS 0.08%
- Published 05.03.2024 12:15:46
- Last modified 09.04.2025 20:49:05
A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, i...
CVE-2023-45595
- EPSS 0.26%
- Published 05.03.2024 12:15:46
- Last modified 11.04.2025 14:47:09
A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects...
CVE-2023-45596
- EPSS 0.21%
- Published 05.03.2024 12:15:46
- Last modified 23.04.2025 19:47:08
A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle b...