Web Controller 3
by ESPEC
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27845 | | Cri | 0.64 | 9.8 | 0.00 | | Aug 14, 2025 | In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI. |
| CVE-2025-27847 | | Med | 0.28 | 4.3 | 0.00 | | Aug 14, 2025 | In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. |
| CVE-2025-27846 | | Med | 0.28 | 4.3 | 0.00 | | Aug 14, 2025 | In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. |