Technik Microcontrol Firmware
by Schrack
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8329 | 0.00 | — | 0.01 | Oct 20, 2014 | Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt. | ||
| CVE-2014-5396 | 0.00 | — | 0.00 | Aug 22, 2014 | The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||
| CVE-2014-5382 | 0.00 | — | 0.00 | Aug 20, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors. |
- CVE-2014-8329Oct 20, 2014risk 0.00cvss —epss 0.01
Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.
- CVE-2014-5396Aug 22, 2014risk 0.00cvss —epss 0.00
The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access via unspecified vectors.
- CVE-2014-5382Aug 20, 2014risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors.