CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45367 – Optigo Networks ONS-S8 Spectra Aggregation Switch Weak Authentication
https://notcve.org/view.php?id=CVE-2024-45367
03 Oct 2024 — The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01 • CWE-1390: Weak Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41925 – Optigo Networks ONS-S8 Spectra Aggregation Switch PHP Remote File Inclusion
https://notcve.org/view.php?id=CVE-2024-41925
03 Oct 2024 — The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-275-01 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •