CVE-2021-27451 – Mesa Labs AmegaView improper authentication
https://notcve.org/view.php?id=CVE-2021-27451
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. El código de acceso de Mesa Labs AmegaView Versiones 3.0 y anteriores, es generado mediante un algoritmo fácilmente reversible, lo que puede permitir a un atacante conseguir acceso al dispositivo • https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03 • CWE-287: Improper Authentication •
CVE-2021-27447 – Mesa Labs AmegaView command injection
https://notcve.org/view.php?id=CVE-2021-27447
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. Mesa Labs AmegaView versión 3.0, es vulnerable a una inyección de comandos, que puede permitir a un atacante ejecutar código arbitrario de forma remota • https://www.cisa.gov/uscert/ics/advisories/icsa-21-147-03 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-27453 – Mesa Labs AmegaView authentication bypass
https://notcve.org/view.php?id=CVE-2021-27453
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access. Mesa Labs AmegaView Versión 3.0, usa cookies por defecto que podrían ser configuradas para omitir la autenticación de la aplicación web, lo que podría permitir a un atacante conseguir acceso • https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2021-27449 – Mesa Labs AmegaView Command Injection
https://notcve.org/view.php?id=CVE-2021-27449
Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server. Mesa Labs AmegaView Versiones 3.0 y anteriores, presenta una vulnerabilidad de inyección de comandos que puede ser explotada para ejecutar comandos en el servidor web • https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-27445 – Mesa Labs AmegaView Improper Privilege Management
https://notcve.org/view.php?id=CVE-2021-27445
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. Mesa Labs AmegaView versiones 3.0 y anteriores, presentan permisos de archivo no seguros que podrían ser explotados para escalar privilegios en el dispositivo • https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •