HIGH🇵🇱 Wersja polska

CVE-2023-25183

CVSS 8.3v3.1pub. 2023-05-22upd. 2024-11-21

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
  • Snapone Orvc

    APP
    Snapone
    < 7.3.0
  • Snapone Ovrc 300 Pro

    HW
    Snapone
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-31193HIGH7.5ten sam produkt

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from thei...

CVE-2023-31245HIGH7.1ten sam produkt

Devices using Snap One OvrC cloud are sent to a web address when accessing a web mana...

CVE-2023-28649HIGH8.6ten sam produkt

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected...

CVE-2023-28386HIGH8.6ten sam produkt

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only c...

CVE-2023-31240HIGH8.3ten sam produkt

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the loc...