CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46329
https://notcve.org/view.php?id=CVE-2024-46329
26 Sep 2024 — VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/1af23e51-20e4-4432-a66c-64345c1e4ed4.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46330
https://notcve.org/view.php?id=CVE-2024-46330
26 Sep 2024 — VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/704b5e66-fee5-4289-aa55-eb7feb5f0edc.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46327
https://notcve.org/view.php?id=CVE-2024-46327
26 Sep 2024 — An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/ab3b22c9-1fbf-4dbb-a1cd-8c69f6723a4a.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46328
https://notcve.org/view.php?id=CVE-2024-46328
26 Sep 2024 — VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root. • https://hawktesters.com/5519644d-246e-4924-b7c8-8fdf742117be/9461d352-c4f6-477f-a44e-b91ff71e6d84.pdf • CWE-259: Use of Hard-coded Password •