CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2022-2591 – TEM FLEX-1085 reboot denial of service
https://notcve.org/view.php?id=CVE-2022-2591
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/51438 http://packetstormsecurity.com/files/172323/FLEX-Denial-Of-Service.html https://vuldb.com/?id.205344 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1077 – TEM FLEX-1080/FLEX-1085 Log information disclosure
https://notcve.org/view.php?id=CVE-2022-1077
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. • https://github.com/MrEmpy/CVE-2022-1077 https://vuldb.com/?id.194848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1074 – TEM FLEX-1085 injection
https://notcve.org/view.php?id=CVE-2022-1074
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection. Se ha encontrado una vulnerabilidad en TEM FLEX-1085 versión 1.6.0 y ha sido clasificada como problemática. El uso de la entrada (h1)HTML Injection(/h1) en la configuración del WiFi del tablero de mandos conlleva a una inyección de html • https://vuldb.com/?id.194845 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •