Centrecom Ar260s V2 Firmware
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2125 | Hig | 0.57 | 8.8 | 0.02 | Apr 28, 2017 | Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account. | ||
| CVE-2022-38394 | 0.00 | — | 0.01 | Sep 8, 2022 | Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command. | |||
| CVE-2022-38094 | 0.00 | — | 0.02 | Sep 8, 2022 | OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | |||
| CVE-2022-35273 | 0.00 | — | 0.02 | Sep 8, 2022 | OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | |||
| CVE-2022-34869 | 0.00 | — | 0.01 | Sep 8, 2022 | Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. |
- risk 0.57cvss 8.8epss 0.02
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.
- CVE-2022-38394Sep 8, 2022risk 0.00cvss —epss 0.01
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.
- CVE-2022-38094Sep 8, 2022risk 0.00cvss —epss 0.02
OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
- CVE-2022-35273Sep 8, 2022risk 0.00cvss —epss 0.02
OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.
- CVE-2022-34869Sep 8, 2022risk 0.00cvss —epss 0.01
Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command.