VYPR

VDE

by VDE

CVEs (12)

  • CVE-2024-25995CriMar 12, 2024
    risk 0.64cvss 9.8epss 0.01

    An unauthenticated remote attacker can modify configurations to perform a remote code execution, gain root rights or perform an DoS due to improper input validation.

  • CVE-2023-4149CriNov 21, 2023
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are executed with root privileges. The vulnerability is located in the user request handling of the web-based…

  • CVE-2022-45140CriFeb 27, 2023
    risk 0.64cvss 9.8epss 0.01

    The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.

  • CVE-2024-26288HigMar 12, 2024
    risk 0.57cvss 8.7epss 0.00

    An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.

  • CVE-2023-6357HigDec 5, 2023
    risk 0.57cvss 8.8epss 0.01

    A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the device.

  • CVE-2024-25999HigMar 12, 2024
    risk 0.55cvss 8.4epss 0.00

    An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. 

  • CVE-2024-25998HigMar 12, 2024
    risk 0.48cvss 7.3epss 0.01

    An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.

  • CVE-2022-3738MedJan 19, 2023
    risk 0.38cvss 5.9epss 0.01

    The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be…

  • CVE-2024-25997MedMar 12, 2024
    risk 0.35cvss 5.3epss 0.01

    An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.

  • CVE-2024-25994MedMar 12, 2024
    risk 0.35cvss 5.3epss 0.01

    An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only.

  • CVE-2024-25996MedMar 12, 2024
    risk 0.34cvss 5.3epss 0.00

    An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.

  • CVE-2022-45139MedFeb 27, 2023
    risk 0.34cvss 5.3epss 0.00

    A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a…