VYPR

Device Manager

by Wyse

CVEs (2)

  • CVE-2009-0695Jun 19, 2012
    risk 0.09cvss epss 0.69

    hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

  • CVE-2009-0693Jun 19, 2012
    risk 0.04cvss epss 0.13

    Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.