Nexo Cordless Nutrunner Nxv012t 36v B (0608842016)
by Rexroth
CVEs (25)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48246 | 0.00 | — | 0.00 | Jan 10, 2024 | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | ||
| CVE-2023-48245 | 0.00 | — | 0.00 | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | ||
| CVE-2023-48244 | 0.00 | — | 0.00 | Jan 10, 2024 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | ||
| CVE-2023-48243 | 0.00 | — | 0.02 | Jan 10, 2024 | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | ||
| CVE-2023-48242 | 0.00 | — | 0.00 | Jan 10, 2024 | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. |
Page 2 of 2