HIGH🇵🇱 Wersja polska

CVE-2015-3971

CVSS 7.5v2.0pub. 2015-10-28upd. 2026-05-06

The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Janitza Umg 508

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 509

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 511

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 604

    HW
    Janitza
    wszystkie wersje
  • Janitza Umg 605

    HW
    Janitza
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2015-3968HIGH7.5ten sam produkt

The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easi...

CVE-2015-3972HIGH10.0ten sam produkt

The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authen...

CVE-2015-3967MEDIUM6.8ten sam produkt

Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remo...

CVE-2015-3969MEDIUM5.0ten sam produkt

Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection ...

CVE-2015-3970MEDIUM4.3ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, an...