VYPR

Progauge Maglink Lx4 Console

by Dover Fueling Solutions (dfs)

CVEs (9)

  • CVE-2024-45066CriSep 25, 2024
    risk 0.65cvss 10.0epss 0.01

    A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.

  • CVE-2024-43693CriSep 25, 2024
    risk 0.65cvss 10.0epss 0.01

    A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.

  • CVE-2025-30519CriSep 18, 2025
    risk 0.64cvss 9.8epss 0.00

    Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system.

  • CVE-2025-5310CriJun 27, 2025
    risk 0.64cvss 9.8epss 0.01

    Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.

  • CVE-2024-43692CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.

  • CVE-2024-43423CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.

  • CVE-2024-45373HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.

  • CVE-2024-41725HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.

  • CVE-2025-55068HigSep 18, 2025
    risk 0.53cvss 8.2epss 0.00

    Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition.