CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8525 – Automated Logic WebCTRL and Carrier i-Vu Unrestricted File Upload
https://notcve.org/view.php?id=CVE-2024-8525
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file. • https://www.corporate.carrier.com/product-security/advisories-resources https://www.cisa.gov/news-events/ics-advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8526 – Automated Logic WebCTRL and Carrier i-Vu Open Redirect
https://notcve.org/view.php?id=CVE-2024-8526
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp" • https://www.corporate.carrier.com/product-security/advisories-resources https://www.cisa.gov/news-events/ics-advisories • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-36483 – MAS (a Carrier brand) MASmobile Classic Authorization Bypass
https://notcve.org/view.php?id=CVE-2023-36483
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history. Se descubrió una omisión de autorización en la aplicación Carrier MASmobile Classic hasta la versión 1.16.18 para Android, la aplicación MASmobile Classic hasta la 1.7.24 para iOS y los servicios MAS ASP.Net hasta la 1.9. Esto se puede lograr mediante la predicción de ID de sesión, lo que permite a atacantes remotos recuperar datos confidenciales, incluidos datos de clientes, estado del sistema de seguridad e historial de eventos. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. Los productos afectados no pueden simplemente actualizarse; deben eliminarse, pero pueden reemplazarse por otro software de Carrier como se explica en el aviso de Carrier. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.0EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31486 – Command injection via Advanced Networking route add functionality
https://notcve.org/view.php?id=CVE-2022-31486
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. Un atacante autenticado puede enviar una ruta especialmente diseñada al binario "edit_route.cgi" y hacer que ejecute comandos de shell. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a 1.303 para la serie LP y 1.297 para la serie EP. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31485 – Unauthenticated homepage note modification
https://notcve.org/view.php?id=CVE-2022-31485
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. Un atacante no autenticado puede enviar un paquete especialmente diseñado para actualizar la sección "notes" de la página de inicio de la interfaz web. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a 1.29 • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-425: Direct Request ('Forced Browsing') •