VYPR

Waybox

by Enel X

CVEs (6)

  • CVE-2023-29120CriNov 5, 2024
    risk 0.62cvss 9.6epss 0.00

    Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.

  • CVE-2023-29125CriNov 5, 2024
    risk 0.59cvss 9.0epss 0.00

    A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.

  • CVE-2023-29117HigNov 5, 2024
    risk 0.57cvss 8.8epss 0.00

    Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.

  • CVE-2023-29114MedNov 5, 2024
    risk 0.37cvss 5.7epss 0.00

    System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: •     Wi-Fi access point credentials to which the EV charger can connect. •     APN web…

  • CVE-2023-29116MedNov 5, 2024
    risk 0.28cvss 4.3epss 0.00

    Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.

  • CVE-2023-29126MedNov 5, 2024
    risk 0.27cvss 4.2epss 0.00

    The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.