HIGH🇬🇧 English

CVE-2023-25183

CVSS 8.3v3.1pub. 2023-05-22upd. 2024-11-21

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
  • Snapone Orvc

    APP
    Snapone
    < 7.3.0
  • Snapone Ovrc 300 Pro

    HW
    Snapone
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-31193HIGH7.5ten sam produkt

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from thei...

CVE-2023-31245HIGH7.1ten sam produkt

Devices using Snap One OvrC cloud are sent to a web address when accessing a web mana...

CVE-2023-28649HIGH8.6ten sam produkt

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected...

CVE-2023-28386HIGH8.6ten sam produkt

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only c...

CVE-2023-31240HIGH8.3ten sam produkt

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the loc...

CVE-2023-25183 — HIGH 8.3 | CVEbaza.pl