VYPR

ctrlX OS

by Bosch

CVEs (15)

  • CVE-2025-24351HigApr 30, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.

  • CVE-2025-24346HigApr 30, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.

  • CVE-2025-24350HigApr 30, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.

  • CVE-2025-24349HigApr 30, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.

  • CVE-2025-24338HigApr 30, 2025
    risk 0.46cvss 7.1epss 0.00

    A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests.

  • CVE-2025-27532MedApr 30, 2025
    risk 0.42cvss 6.5epss 0.03

    A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.

  • CVE-2025-24347MedApr 30, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.

  • CVE-2025-24341MedApr 30, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the…

  • CVE-2025-24340MedApr 30, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users.

  • CVE-2025-24345MedApr 30, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request.

  • CVE-2025-24344MedApr 30, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request.

  • CVE-2025-24348MedApr 30, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request.

  • CVE-2025-24343MedApr 30, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request.

  • CVE-2025-24342MedApr 30, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests.

  • CVE-2025-24339MedApr 30, 2025
    risk 0.33cvss 5.0epss 0.00

    A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.