VYPR

Director SD-WAN

by Versa Networks

CVEs (3)

  • CVE-2025-23170MedJun 19, 2025
    risk 0.44cvss 6.7epss 0.01

    The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an…

  • CVE-2025-24291MedJun 19, 2025
    risk 0.40cvss 6.1epss 0.00

    The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME…

  • CVE-2025-23169MedJun 19, 2025
    risk 0.40cvss 6.1epss 0.00

    The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store…