VYPR

EW9

by IP-COM

CVEs (5)

  • CVE-2022-45005CriDec 13, 2022
    risk 0.64cvss 9.8epss 0.05

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.

  • CVE-2022-43367CriOct 27, 2022
    risk 0.64cvss 9.8epss 0.05

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function.

  • CVE-2022-43366HigOct 27, 2022
    risk 0.49cvss 7.5epss 0.01

    IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to access sensitive information via the checkLoginUser, ate, telnet, version, setDebugCfg, and boot interfaces.

  • CVE-2022-43365HigOct 27, 2022
    risk 0.49cvss 7.5epss 0.01

    IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

  • CVE-2022-43364HigOct 27, 2022
    risk 0.49cvss 7.5epss 0.01

    An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.