VYPR

Maxiva UAXT, VAXT transmitters

by GatesAir

CVEs (2)

  • CVE-2025-22960HigFeb 13, 2025
    risk 0.52cvss 8.0epss 0.00

    A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog*), potentially revealing sensitive session-related information such as session…

  • CVE-2025-22962HigFeb 13, 2025
    risk 0.47cvss 7.2epss 0.01

    A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sess_id) can send specially crafted POST requests to the /json…