Copeland

Xweb 500b Pro Firmware

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-3037

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 01:06:42
  • Zuletzt bearbeitet 28.02.2026 01:13:53

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code v...

9.8

CVE-2026-20797

  • EPSS 0.02%
  • Veröffentlicht 27.02.2026 01:03:18
  • Zuletzt bearbeitet 27.02.2026 23:10:35

A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.

9.1

CVE-2026-22877

  • EPSS 0.09%
  • Veröffentlicht 27.02.2026 01:01:25
  • Zuletzt bearbeitet 27.02.2026 23:09:41

An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.

8.8

CVE-2026-25037

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:59:14
  • Zuletzt bearbeitet 27.02.2026 23:07:40

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during s...

8.8

CVE-2026-25196

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:58:08
  • Zuletzt bearbeitet 27.02.2026 23:06:36

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead ...

8.8

CVE-2026-20764

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:56:47
  • Zuletzt bearbeitet 27.02.2026 23:11:05

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later...

8.8

CVE-2026-25721

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:55:28
  • Zuletzt bearbeitet 27.02.2026 23:06:02

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of t...

8.8

CVE-2026-23702

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:54:21
  • Zuletzt bearbeitet 27.02.2026 23:08:42

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import ...

8.8

CVE-2026-24452

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:53:22
  • Zuletzt bearbeitet 27.02.2026 23:08:17

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.

8.8

CVE-2026-25105

  • EPSS 0.22%
  • Veröffentlicht 27.02.2026 00:52:21
  • Zuletzt bearbeitet 27.02.2026 23:07:06

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in t...