CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33469
https://notcve.org/view.php?id=CVE-2023-33469
09 Aug 2023 — In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. • http://kramerav.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 1CVE-2023-33468
https://notcve.org/view.php?id=CVE-2023-33468
09 Aug 2023 — KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen. • http://kramerav.com • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33507
https://notcve.org/view.php?id=CVE-2023-33507
31 May 2023 — KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read. • https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33508
https://notcve.org/view.php?id=CVE-2023-33508
31 May 2023 — KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). • https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33509
https://notcve.org/view.php?id=CVE-2023-33509
31 May 2023 — KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. • https://zxsecurity.co.nz/research/advisories/kramer-via-go-2-rce-and-other-vulns • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •