BCU
by SaTECH
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2858 | Hig | 0.57 | 8.8 | 0.00 | Mar 28, 2025 | Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser. | ||
| CVE-2025-2862 | Hig | 0.49 | 7.5 | 0.00 | Mar 28, 2025 | SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption. | ||
| CVE-2025-2861 | Hig | 0.49 | 7.5 | 0.00 | Mar 28, 2025 | SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in… | ||
| CVE-2025-2865 | Med | 0.40 | 6.1 | 0.00 | Mar 28, 2025 | SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would… | ||
| CVE-2025-2864 | Med | 0.40 | 6.1 | 0.00 | Mar 28, 2025 | SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS). | ||
| CVE-2025-2860 | Med | 0.34 | 5.3 | 0.00 | Mar 28, 2025 | SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the… |
- risk 0.57cvss 8.8epss 0.00
Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser.
- risk 0.49cvss 7.5epss 0.00
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.
- risk 0.49cvss 7.5epss 0.00
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in…
- risk 0.40cvss 6.1epss 0.00
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would…
- risk 0.40cvss 6.1epss 0.00
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).
- risk 0.34cvss 5.3epss 0.00
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the…