VYPR

Xweb 500b Pro Firmware

by Copeland

CVEs (3)

  • CVE-2026-25109HigFeb 27, 2026
    risk 0.52cvss 8.0epss 0.02

    An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route.

  • CVE-2026-20910HigFeb 27, 2026
    risk 0.52cvss 8.0epss 0.01

    An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update action to achieve remote code…

  • CVE-2026-20797MedFeb 27, 2026
    risk 0.28cvss 4.3epss 0.01

    A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.