Smart Wireless Gateway 1420
by Emerson
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-38485 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. | |||
| CVE-2021-42542 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | |||
| CVE-2021-42540 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality. | |||
| CVE-2021-42536 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | |||
| CVE-2021-42539 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. | |||
| CVE-2021-42538 | 0.00 | — | 0.01 | Oct 22, 2021 | The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. | |||
| CVE-2020-12030 | 0.00 | — | 0.01 | Sep 29, 2021 | There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | |||
| CVE-2020-19419 | 0.00 | — | 0.03 | Mar 10, 2021 | Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | |||
| CVE-2020-19417 | 0.00 | — | 0.03 | Mar 10, 2021 | Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. |
- CVE-2021-38485Oct 22, 2021risk 0.00cvss —epss 0.01
The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
- CVE-2021-42542Oct 22, 2021risk 0.00cvss —epss 0.01
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
- CVE-2021-42540Oct 22, 2021risk 0.00cvss —epss 0.01
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
- CVE-2021-42536Oct 22, 2021risk 0.00cvss —epss 0.01
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
- CVE-2021-42539Oct 22, 2021risk 0.00cvss —epss 0.01
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
- CVE-2021-42538Oct 22, 2021risk 0.00cvss —epss 0.01
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
- CVE-2020-12030Sep 29, 2021risk 0.00cvss —epss 0.01
There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway.
- CVE-2020-19419Mar 10, 2021risk 0.00cvss —epss 0.03
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication.
- CVE-2020-19417Mar 10, 2021risk 0.00cvss —epss 0.03
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.