VYPR

MAGLINK LX4 CONSOLE

by ProGauge

CVEs (5)

  • CVE-2024-45066CriSep 25, 2024
    risk 0.65cvss 10.0epss 0.01

    A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.

  • CVE-2024-43692CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.

  • CVE-2024-43423CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.

  • CVE-2024-45373HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.

  • CVE-2024-41725HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.