CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7229
https://notcve.org/view.php?id=CVE-2018-7229
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials. Existe una vulnerabilidad en Pelco Sarix Professional, de Schneider Electric en todas las versiones de firmware anteriores a la 3.29.67 que podría permitir que un atacante remoto no autenticado omita la autenticación y obtenga privilegios de administrador debido al uso de credenciales embebidas. • https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7230
https://notcve.org/view.php?id=CVE-2018-7230
A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. Existe una vulnerabilidad de XEE (XML External Entity) en import.cgi del componente de la interfaz web en Pelco Sarix Professional de Schneider Electric en todas las versiones de firmware anteriores a la 3.29.67. • https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7231
https://notcve.org/view.php?id=CVE-2018-7231
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'. Existe una vulnerabilidad en Pelco Sarix Professional de Schneider Electric en todas las versiones de firmware anteriores a la 3.29.67 que podría permitir la ejecución de comandos debido a la falta de validación de los metacaracteres shell con el valor "system.opkg.remove". • https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7232
https://notcve.org/view.php?id=CVE-2018-7232
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.delete_certs'. Existe una vulnerabilidad en Pelco Sarix Professional de Schneider Electric en todas las versiones de firmware anteriores a la 3.29.67 que podría permitir la ejecución de comandos debido a la falta de validación de los metacaracteres shell con el valor "network.ieee8021x.delete_certs". • https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-7233
https://notcve.org/view.php?id=CVE-2018-7233
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'model_name' or 'mac_address'. Existe una vulnerabilidad en Pelco Sarix Professional de Schneider Electric en todas las versiones de firmware anteriores a la 3.29.67 que podría permitir la ejecución de comandos debido a la falta de validación de los metacaracteres shell con el valor "model_name" o "'mac_address". • https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01 • CWE-20: Improper Input Validation •