VYPR

Room Alert 4E

by AVTECH SECURITY Corporation

CVEs (3)

  • CVE-2024-33471HigMay 24, 2024
    risk 0.47cvss 7.2epss 0.00

    An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2024-33470MedMay 24, 2024
    risk 0.32cvss 4.9epss 0.00

    An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • CVE-2019-13379Jul 7, 2019
    risk 0.01cvss epss 0.03

    On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.