CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

09 Aug 2023 — In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. • http://kramerav.com • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.4 • EPSS: 0% • CPEs: 4 • EXPL: 1

09 Aug 2023 — KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen. • http://kramerav.com • CWE-863: Incorrect Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

31 May 2023 — KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated arbitrary file read. • https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

31 May 2023 — KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). • https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

31 May 2023 — KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. • https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 92% • CPEs: 1 • EXPL: 3

31 Aug 2021 — KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. • https://packetstorm.news/files/id/166623 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 5

12 Jul 2021 — KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. • https://packetstorm.news/files/id/166623 • CWE-269: Improper Privilege Management

CVSS: 10.0 • EPSS: 6% • CPEs: 1 • EXPL: 4

09 Oct 2019 — Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. Kramer VIAware version 2.5.0719.1034 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/166541 • CWE-276: Incorrect Default Permissions