VYPR

communication module

by 1734 AENTR

CVEs (2)

  • CVE-2020-14502MedFeb 24, 2022
    risk 0.40cvss 6.1epss 0.01

    The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.

  • CVE-2020-14504MedFeb 24, 2022
    risk 0.35cvss 5.3epss 0.01

    The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.