Progauge Maglink Lx4 Console
by Dover Fueling Solutions (dfs)
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45066 | Cri | 0.65 | 10.0 | 0.01 | Sep 25, 2024 | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | ||
| CVE-2024-43693 | Cri | 0.65 | 10.0 | 0.01 | Sep 25, 2024 | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | ||
| CVE-2025-30519 | Cri | 0.64 | 9.8 | 0.00 | Sep 18, 2025 | Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system. | ||
| CVE-2025-5310 | Cri | 0.64 | 9.8 | 0.01 | Jun 27, 2025 | Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution. | ||
| CVE-2024-43692 | Cri | 0.64 | 9.8 | 0.01 | Sep 25, 2024 | An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. | ||
| CVE-2024-43423 | Cri | 0.64 | 9.8 | 0.01 | Sep 25, 2024 | The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | ||
| CVE-2024-45373 | Hig | 0.57 | 8.8 | 0.00 | Sep 25, 2024 | Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. | ||
| CVE-2024-41725 | Hig | 0.57 | 8.8 | 0.00 | Sep 25, 2024 | ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. | ||
| CVE-2025-55068 | Hig | 0.53 | 8.2 | 0.00 | Sep 18, 2025 | Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition. |
- risk 0.65cvss 10.0epss 0.01
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
- risk 0.65cvss 10.0epss 0.01
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
- risk 0.64cvss 9.8epss 0.00
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system.
- risk 0.64cvss 9.8epss 0.01
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.
- risk 0.64cvss 9.8epss 0.01
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
- risk 0.64cvss 9.8epss 0.01
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
- risk 0.57cvss 8.8epss 0.00
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.
- risk 0.57cvss 8.8epss 0.00
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.
- risk 0.53cvss 8.2epss 0.00
Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition.