VYPR

Director SD-WAN orchestration platform

by Versa Networks

CVEs (3)

  • CVE-2025-23173HigJun 19, 2025
    risk 0.49cvss 7.5epss 0.01

    The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as…

  • CVE-2025-23172HigJun 19, 2025
    risk 0.47cvss 7.2epss 0.01

    The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This…

  • CVE-2025-23168MedJun 19, 2025
    risk 0.41cvss 6.3epss 0.00

    The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and…