DiCal-RED 4009
by Swissphone
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36445 | Cri | 0.64 | 9.8 | 0.01 | Aug 22, 2024 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. | ||
| CVE-2024-36439 | Cri | 0.61 | 9.4 | 0.01 | Aug 22, 2024 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. | ||
| CVE-2024-36442 | Hig | 0.57 | 8.8 | 0.00 | Aug 22, 2024 | cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. | ||
| CVE-2024-36444 | Hig | 0.53 | 8.1 | 0.00 | Aug 22, 2024 | cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs. | ||
| CVE-2024-36443 | Hig | 0.49 | 7.6 | 0.00 | Aug 22, 2024 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. | ||
| CVE-2024-36440 | Med | 0.44 | 6.8 | 0.00 | Aug 22, 2024 | An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used. | ||
| CVE-2024-36441 | Med | 0.35 | 5.4 | 0.00 | Aug 22, 2024 | Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device. |
- risk 0.64cvss 9.8epss 0.01
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication.
- risk 0.61cvss 9.4epss 0.01
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password.
- risk 0.57cvss 8.8epss 0.00
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system.
- risk 0.53cvss 8.1epss 0.00
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs.
- risk 0.49cvss 7.6epss 0.00
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP.
- risk 0.44cvss 6.8epss 0.00
An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used.
- risk 0.35cvss 5.4epss 0.00
Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device.