VYPR

imx6 bundle

by AiLux

CVEs (12)

  • CVE-2023-5456HigMar 5, 2024
    risk 0.53cvss 8.1epss 0.01

    A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux…

  • CVE-2023-5457HigMar 5, 2024
    risk 0.49cvss 7.5epss 0.01

    A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and…

  • CVE-2023-45591HigMar 5, 2024
    risk 0.49cvss 7.5epss 0.01

    A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition,…

  • CVE-2023-45594MedMar 5, 2024
    risk 0.44cvss 6.8epss 0.00

    A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and…

  • CVE-2023-45593MedMar 5, 2024
    risk 0.44cvss 6.8epss 0.00

    A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration…

  • CVE-2023-45592MedMar 5, 2024
    risk 0.44cvss 6.8epss 0.01

    A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. This…

  • CVE-2023-45597MedMar 5, 2024
    risk 0.38cvss 5.9epss 0.00

    A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside…

  • CVE-2023-45595MedMar 5, 2024
    risk 0.38cvss 5.9epss 0.00

    A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle…

  • CVE-2023-45600MedMar 5, 2024
    risk 0.36cvss 5.6epss 0.00

    A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

  • CVE-2023-45599MedMar 5, 2024
    risk 0.36cvss 5.5epss 0.00

    A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6…

  • CVE-2023-45598MedMar 5, 2024
    risk 0.34cvss 5.3epss 0.00

    A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

  • CVE-2023-45596MedMar 5, 2024
    risk 0.34cvss 5.3epss 0.00

    A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version…