ctrlX OS
by Bosch
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24351 | Hig | 0.57 | 8.8 | 0.01 | Apr 30, 2025 | A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request. | ||
| CVE-2025-24346 | Hig | 0.49 | 7.5 | 0.00 | Apr 30, 2025 | A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request. | ||
| CVE-2025-24350 | Hig | 0.46 | 7.1 | 0.00 | Apr 30, 2025 | A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request. | ||
| CVE-2025-24349 | Hig | 0.46 | 7.1 | 0.00 | Apr 30, 2025 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request. | ||
| CVE-2025-24338 | Hig | 0.46 | 7.1 | 0.00 | Apr 30, 2025 | A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests. | ||
| CVE-2025-27532 | Med | 0.42 | 6.5 | 0.03 | Apr 30, 2025 | A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests. | ||
| CVE-2025-24347 | Med | 0.42 | 6.5 | 0.00 | Apr 30, 2025 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request. | ||
| CVE-2025-24341 | Med | 0.42 | 6.5 | 0.00 | Apr 30, 2025 | A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the… | ||
| CVE-2025-24340 | Med | 0.42 | 6.5 | 0.00 | Apr 30, 2025 | A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. | ||
| CVE-2025-24345 | Med | 0.41 | 6.3 | 0.00 | Apr 30, 2025 | A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request. | ||
| CVE-2025-24344 | Med | 0.41 | 6.3 | 0.00 | Apr 30, 2025 | A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request. | ||
| CVE-2025-24348 | Med | 0.35 | 5.4 | 0.00 | Apr 30, 2025 | A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request. | ||
| CVE-2025-24343 | Med | 0.35 | 5.4 | 0.00 | Apr 30, 2025 | A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request. | ||
| CVE-2025-24342 | Med | 0.34 | 5.3 | 0.00 | Apr 30, 2025 | A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests. | ||
| CVE-2025-24339 | Med | 0.33 | 5.0 | 0.00 | Apr 30, 2025 | A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request. |
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.
- risk 0.49cvss 7.5epss 0.00
A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.
- risk 0.46cvss 7.1epss 0.00
A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.
- risk 0.46cvss 7.1epss 0.00
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.
- risk 0.46cvss 7.1epss 0.00
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests.
- risk 0.42cvss 6.5epss 0.03
A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the…
- risk 0.42cvss 6.5epss 0.00
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.
- risk 0.41cvss 6.3epss 0.00
A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request.
- risk 0.41cvss 6.3epss 0.00
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.
- risk 0.35cvss 5.4epss 0.00
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.
- risk 0.35cvss 5.4epss 0.00
A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.
- risk 0.34cvss 5.3epss 0.00
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.
- risk 0.33cvss 5.0epss 0.00
A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.