VYPR
Vendor

2wcom

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2025-43953HigSep 22, 2025
    risk 0.57cvss 8.8epss 0.07

    In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen.

  • CVE-2025-57438Sep 22, 2025
    risk 0.00cvss epss 0.00

    The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible only after the admin explicitly grants access to a manager-level account. However, a manager-level user can bypass these controls by…

  • CVE-2025-57433Sep 22, 2025
    risk 0.00cvss epss 0.00

    The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the…