Nexo Cordless Nutrunner Nxv012t 36v B (0608842016)
by Rexroth
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48266 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48265 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48264 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48263 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48262 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48261 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48260 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48259 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48258 | | | 0.00 | — | 0.00 | | Jan 10, 2024 | The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. |
| CVE-2023-48257 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or… |
| CVE-2023-48256 | | | 0.00 | — | 0.00 | | Jan 10, 2024 | The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. |
| CVE-2023-48255 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the… |
| CVE-2023-48254 | | | 0.00 | — | 0.00 | | Jan 10, 2024 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. |
| CVE-2023-48253 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values… |
| CVE-2023-48252 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. |
| CVE-2023-48251 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. |
| CVE-2023-48250 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. |
| CVE-2023-48249 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other… |
| CVE-2023-48248 | | | 0.00 | — | 0.00 | | Jan 10, 2024 | The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the… |
| CVE-2023-48247 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. |
Page 1 of 2