Copeland

Xweb 300d Pro Firmware

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-20902

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:49:44
  • Zuletzt bearbeitet 27.02.2026 23:13:13

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload...

8.8

CVE-2026-20910

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:46:14
  • Zuletzt bearbeitet 27.02.2026 23:12:37

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update...

8.8

CVE-2026-20742

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:42:12
  • Zuletzt bearbeitet 27.02.2026 23:13:46

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.

8.8

CVE-2026-21389

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:38:51
  • Zuletzt bearbeitet 27.02.2026 23:12:14

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import ro...

9.8

CVE-2026-21718

  • EPSS 0.07%
  • Veröffentlicht 27.02.2026 00:34:55
  • Zuletzt bearbeitet 27.02.2026 23:11:48

An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.