CVE-2024-28138 – OS Command Injection
https://notcve.org/view.php?id=CVE-2024-28138
05 Dec 2024 — An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized. Image Access Scan2Net with firmware versions prior or ... • https://packetstorm.news/files/id/182979 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-28140 – Violation of Least Privilege Principle
https://notcve.org/view.php?id=CVE-2024-28140
05 Dec 2024 — The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output. • https://packetstorm.news/files/id/182979 • CWE-250: Execution with Unnecessary Privileges •
CVE-2024-28141 – Cross-Site Request-Forgery
https://notcve.org/view.php?id=CVE-2024-28141
05 Dec 2024 — The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users. Image Access Scan2Net with firmware versions prior or equal to 7.40, versions prior or equal to 7.42, or versions prior to 7.42B suffer from OS command injection, privilege escalat... • https://packetstorm.news/files/id/182979 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-28143 – Insecure Password Change Function
https://notcve.org/view.php?id=CVE-2024-28143
05 Dec 2024 — The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue. • https://packetstorm.news/files/id/182979 • CWE-620: Unverified Password Change •
CVE-2024-28145 – Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-28145
05 Dec 2024 — An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword. • https://packetstorm.news/files/id/182979 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-28146 – Hardcoded credentials
https://notcve.org/view.php?id=CVE-2024-28146
05 Dec 2024 — The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device. Image Access Scan2Net with firmware versions prior or eq... • https://packetstorm.news/files/id/182979 • CWE-798: Use of Hard-coded Credentials •
CVE-2024-47946 – OS Command Execution through Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-47946
05 Dec 2024 — If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data". Image Access Scan2Net with firmware versions prior or equal to 7.40, versions prior... • https://packetstorm.news/files/id/182979 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50584 – SQL Injection
https://notcve.org/view.php?id=CVE-2024-50584
05 Dec 2024 — An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter. • https://packetstorm.news/files/id/182979 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-36498 – Stored cross site scripting
https://notcve.org/view.php?id=CVE-2024-36498
05 Dec 2024 — Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored JavaScript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 impleme... • https://packetstorm.news/files/id/182979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-47947 – Stored cross site scripting
https://notcve.org/view.php?id=CVE-2024-47947
05 Dec 2024 — Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored JavaScript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. • https://packetstorm.news/files/id/182979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •