Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LControl4 Ca 1
HWControl4wszystkie wersjeControl4 Ca 10
HWControl4wszystkie wersjeControl4 Ea 1
HWControl4wszystkie wersjeControl4 Ea 3
HWControl4wszystkie wersjeControl4 Ea 5
HWControl4wszystkie wersjeSnapone An 110 Rt 2l1w
HWSnaponewszystkie wersjeSnapone An 110 Rt 2l1w Wifi
HWSnaponewszystkie wersjeSnapone An 310 Rt 4l2w
HWSnaponewszystkie wersjeSnapone Orvc
APPSnapone< 7.3.0Snapone Ovrc 300 Pro
HWSnaponewszystkie wersjeSnapone Pakedge Rk 1
HWSnaponewszystkie wersjeSnapone Pakedge Rt 3100
HWSnaponewszystkie wersjeSnapone Pakedge Wr 1
HWSnaponewszystkie wersje
Related vulnerabilities
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected...
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only c...
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outri...
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser ac...
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from thei...