VDE
by VDE
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25995 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 12, 2024 | An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform a DoS due to improper input validation. |
| CVE-2023-4149 | | Cri | 0.64 | 9.8 | 0.01 | | Nov 21, 2023 | A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based… |
| CVE-2022-45140 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 27, 2023 | The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. |
| CVE-2024-26288 | | Hig | 0.57 | 8.7 | 0.00 | | Mar 12, 2024 | An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected. |
| CVE-2023-6357 | | Hig | 0.57 | 8.8 | 0.01 | | Dec 5, 2023 | A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device. |
| CVE-2024-25999 | | Hig | 0.55 | 8.4 | 0.00 | | Mar 12, 2024 | An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. |
| CVE-2024-25998 | | Hig | 0.48 | 7.3 | 0.01 | | Mar 12, 2024 | An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. |
| CVE-2022-3738 | | Med | 0.38 | 5.9 | 0.01 | | Jan 19, 2023 | The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be… |
| CVE-2024-25997 | | Med | 0.35 | 5.3 | 0.01 | | Mar 12, 2024 | An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. |
| CVE-2024-25994 | | Med | 0.35 | 5.3 | 0.01 | | Mar 12, 2024 | An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write only. |
| CVE-2024-25996 | | Med | 0.34 | 5.3 | 0.00 | | Mar 12, 2024 | An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. |
| CVE-2022-45139 | | Med | 0.34 | 5.3 | 0.00 | | Feb 27, 2023 | A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a… |