CVE-2022-47187 – File upload XSS vulnerability in Generex CS141
https://notcve.org/view.php?id=CVE-2022-47187
There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. Hay una vulnerabilidad XSS de carga de archivos en Generex CS141 por debajo de la versión 2.06. La aplicación web permite la carga de archivos, posibilitando la carga de un archivo con contenido HTML. • https://www.generex.de/support/changelogs/cs141/2-12 https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-47186 – Unrestricted Upload of File vulnerability in Generex CS141
https://notcve.org/view.php?id=CVE-2022-47186
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. Hay una vulnerabilidad de carga de archivos sin restricciones en Generex CS141 por debajo de la versión 2.06. Un atacante podría cargar y/o eliminar cualquier tipo de archivo, sin ninguna restricción de formato y sin ninguna autenticación, en el directorio "upload". • https://www.generex.de/support/changelogs/cs141/page:2 https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-47192 – Admin password reset via file upload vulnerability in Generex CS141
https://notcve.org/view.php?id=CVE-2022-47192
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. • https://www.generex.de/support/changelogs/cs141/2-12 https://www.generex.de/support/changelogs/cs141/page:2 https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 • CWE-20: Improper Input Validation •
CVE-2022-47188 – Improper Input Validation in Generex CS141
https://notcve.org/view.php?id=CVE-2022-47188
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. • https://www.generex.de/support/changelogs/cs141/2-12 https://www.generex.de/support/changelogs/cs141/page:2 https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-47189 – DoS via file upload vulnerability at Generex CS141
https://notcve.org/view.php?id=CVE-2022-47189
Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. • https://www.generex.de/support/changelogs/cs141/2-12 https://www.generex.de/support/changelogs/cs141/page:2 https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 • CWE-20: Improper Input Validation •