CVE-2022-2591 – TEM FLEX-1085 reboot denial of service
https://notcve.org/view.php?id=CVE-2022-2591
31 Jul 2022 — A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/51438 • CWE-404: Improper Resource Shutdown or Release
CVE-2022-1077 – TEM FLEX-1080/FLEX-1085 Log information disclosure
https://notcve.org/view.php?id=CVE-2022-1077
29 Mar 2022 — A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. • https://github.com/MrEmpy/CVE-2022-1077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-425: Direct Request ('Forced Browsing')
CVE-2022-1074 – TEM FLEX-1085 injection
https://notcve.org/view.php?id=CVE-2022-1074
29 Mar 2022 — A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to HTML injection. • https://vuldb.com/?id.194845 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')