VYPR

imageaccess

by ImageAccess

CVEs (13)

  • CVE-2024-28146HigDec 12, 2024
    risk 0.55cvss 8.4epss 0.00

    The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.

  • CVE-2024-28143HigDec 12, 2024
    risk 0.55cvss 8.4epss 0.00

    The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing…

  • CVE-2024-28138HigDec 10, 2024
    risk 0.48cvss 7.3epss 0.01

    An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized.

  • CVE-2024-47946HigDec 10, 2024
    risk 0.47cvss 7.2epss 0.01

    If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root.…

  • CVE-2024-28141MedDec 11, 2024
    risk 0.41cvss 6.3epss 0.00

    The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious…

  • CVE-2024-28140MedDec 11, 2024
    risk 0.40cvss 6.1epss 0.00

    The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as…

  • CVE-2024-28145MedDec 12, 2024
    risk 0.38cvss 5.9epss 0.01

    An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter…

  • CVE-2024-28144MedDec 12, 2024
    risk 0.36cvss 5.5epss 0.00

    An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.

  • CVE-2024-47947MedDec 12, 2024
    risk 0.31cvss 4.7epss 0.00

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can…

  • CVE-2024-36498MedDec 12, 2024
    risk 0.31cvss 4.7epss 0.01

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can…

  • CVE-2024-36494MedDec 12, 2024
    risk 0.31cvss 4.7epss 0.00

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only…

  • CVE-2024-28142MedDec 12, 2024
    risk 0.31cvss 4.7epss 0.00

    Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the "file name" and wildcard character…

  • CVE-2024-50584MedDec 12, 2024
    risk 0.29cvss 4.4epss 0.00

    An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must…