CVE-2022-31479 – Remote Code Execution via command injection of the hostname
https://notcve.org/view.php?id=CVE-2022-31479
An unauthenticated attacker can update the hostname with a specially crafted name that allows shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during startup or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and make their persistence permanent by modifying the filesystem. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-693: Protection Mechanism Failure
CVE-2022-26519 – Interlogix Hills ComNav Improper Restriction of Excessive Authentication Attempts
https://notcve.org/view.php?id=CVE-2022-26519
There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. • https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2022-1318 – Hills ComNav Inadequate Encryption Strength
https://notcve.org/view.php?id=CVE-2022-1318
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The sizes of certain communication packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. • https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf • CWE-203: Observable Discrepancy; CWE-326: Inadequate Encryption Strength
CVE-2020-19762
https://notcve.org/view.php?id=CVE-2020-19762
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request. • https://github.com/ismailerkek/CVEs/blob/main/CVE-2020-19762-RESERVED.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8819 – WebCTRL Out-Of-Band XML Injection
https://notcve.org/view.php?id=CVE-2018-8819
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. WebCTRL suffers from an out-of-band XML external entity injection vulnerability. • http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html http://seclists.org/fulldisclosure/2018/Jun/21 https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.html • CWE-611: Improper Restriction of XML External Entity Reference