VYPR

VPN

by Milesight

CVEs (6)

  • CVE-2023-22371HigJul 6, 2023
    risk 0.53cvss 8.1epss 0.03

    An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-23907HigJul 6, 2023
    risk 0.49cvss 7.5epss 0.01

    A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-22844HigJul 6, 2023
    risk 0.48cvss 7.3epss 0.01

    An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.

  • CVE-2023-22319HigJul 6, 2023
    risk 0.48cvss 7.3epss 0.01

    A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability.

  • CVE-2023-24497MedJul 6, 2023
    risk 0.31cvss 4.7epss 0.01

    Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these…

  • CVE-2023-24496MedJul 6, 2023
    risk 0.31cvss 4.7epss 0.01

    Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these…