CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27688
https://notcve.org/view.php?id=CVE-2025-27688
18 Mar 2025 — Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. • https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26331
https://notcve.org/view.php?id=CVE-2025-26331
07 Mar 2025 — Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. • https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28963
https://notcve.org/view.php?id=CVE-2024-28963
24 Apr 2024 — Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information. Telemetry Dashboard v1.0.0.7 para Dell ThinOS 2402 contiene una vulnerabilidad de divulgación de información confidencial. Un usuario no autenticado con acceso local al dispositivo podría aprovechar esta vulnerabilidad para leer información confidencial de configuraci... • https://www.dell.com/support/kbdoc/en-us/000224317/dsa-2024-170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •