X3

CVEs (8)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-30123	ROADCAM X3	Cri	0.64	9.8	0.00	Mar 18, 2025	An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device.
CVE-2025-30122	ROADCAM X3	Cri	0.64	9.8	0.00	Mar 18, 2025	An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.
CVE-2020-7387	ROADCAM X3		0.07	—	0.36	Jul 22, 2021	Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was…
CVE-2018-7756	ROADCAM X3		0.06	—	0.62	Mar 14, 2018	RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file…
CVE-2020-7389	ROADCAM X3		0.01	—	0.02	Jul 22, 2021	Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
CVE-2023-31868	ROADCAM X3		0.00	—	0.00	Jun 22, 2023	Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when…
CVE-2023-31867	ROADCAM X3		0.00	—	0.01	Jun 22, 2023	Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.
CVE-2020-7390	ROADCAM X3		0.00	—	0.01	Jul 22, 2021	Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 (components…

CVE-2025-30123CriMar 18, 2025
ROADCAM
X3
risk 0.64cvss 9.8epss 0.00
An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device.
CVE-2025-30122CriMar 18, 2025
ROADCAM
X3
risk 0.64cvss 9.8epss 0.00
An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.
CVE-2020-7387Jul 22, 2021
ROADCAM
X3
risk 0.07cvss —epss 0.36
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was…
CVE-2018-7756Mar 14, 2018
ROADCAM
X3
risk 0.06cvss —epss 0.62
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file…
CVE-2020-7389Jul 22, 2021
ROADCAM
X3
risk 0.01cvss —epss 0.02
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
CVE-2023-31868Jun 22, 2023
ROADCAM
X3
risk 0.00cvss —epss 0.00
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when…
CVE-2023-31867Jun 22, 2023
ROADCAM
X3
risk 0.00cvss —epss 0.01
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.
CVE-2020-7390Jul 22, 2021
ROADCAM
X3
risk 0.00cvss —epss 0.01
Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 (components…