VYPR

Empirbus Wireless Display Unit Firmware

by Garmin

CVEs (4)

  • CVE-2025-27851 | Critical | May 13, 2026
    risk 0.60 | CVSS 9.3 | EPSS 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of…

  • CVE-2025-27850 | High | May 13, 2026
    risk 0.49 | CVSS 7.5 | EPSS 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a…

  • CVE-2025-27853 | High | May 13, 2026
    risk 0.47 | CVSS 7.3 | EPSS 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be bypassed. The WDU web site only performs authentication with the client within the client's browser. The WebSockets used to communicate with the WDU server do not enforce any…

  • CVE-2025-27852 | Medium | May 13, 2026
    risk 0.33 | CVSS 5.0 | EPSS 0.00

    The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross-site scripting (XSS) attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level…