Vendor CVEs
Azure Access Technology
All CVEs
47 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-12603 | 0.00 | — | 0.00 | Nov 1, 2025 | /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12602 | 0.00 | — | 0.00 | Nov 1, 2025 | /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12601 | 0.00 | — | 0.00 | Nov 1, 2025 | Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12600 | 0.00 | — | 0.00 | Nov 1, 2025 | Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12599 | 0.00 | — | 0.00 | Nov 1, 2025 | Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12554 | 0.00 | — | 0.00 | Oct 31, 2025 | Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12553 | 0.00 | — | 0.00 | Oct 31, 2025 | Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12552 | 0.00 | — | 0.00 | Oct 31, 2025 | Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12517 | 0.00 | — | 0.00 | Oct 30, 2025 | Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12516 | 0.00 | — | 0.00 | Oct 30, 2025 | Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12515 | 0.00 | — | 0.00 | Oct 30, 2025 | Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12479 | 0.00 | — | 0.00 | Oct 29, 2025 | Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12478 | 0.00 | — | 0.00 | Oct 29, 2025 | Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12477 | 0.00 | — | 0.00 | Oct 29, 2025 | Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12476 | 0.00 | — | 0.00 | Oct 29, 2025 | Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12425 | 0.00 | — | 0.00 | Oct 28, 2025 | Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12424 | 0.00 | — | 0.00 | Oct 28, 2025 | Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12423 | 0.00 | — | 0.00 | Oct 28, 2025 | Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . | |||
| CVE-2025-12422 | 0.00 | — | 0.00 | Oct 28, 2025 | Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12365 | 0.00 | — | 0.00 | Oct 27, 2025 | Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12364 | 0.00 | — | 0.00 | Oct 27, 2025 | Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12363 | 0.00 | — | 0.00 | Oct 27, 2025 | Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12285 | 0.00 | — | 0.00 | Oct 26, 2025 | Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12284 | 0.00 | — | 0.00 | Oct 26, 2025 | Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12275 | 0.00 | — | 0.01 | Oct 26, 2025 | Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12278 | 0.00 | — | 0.00 | Oct 26, 2025 | Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12221 | 0.00 | — | 0.00 | Oct 25, 2025 | Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12220 | 0.00 | — | 0.00 | Oct 25, 2025 | Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12219 | 0.00 | — | 0.00 | Oct 25, 2025 | Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12218 | 0.00 | — | 0.00 | Oct 25, 2025 | Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12217 | 0.00 | — | 0.00 | Oct 25, 2025 | SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12216 | 0.00 | — | 0.00 | Oct 25, 2025 | Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12176 | 0.00 | — | 0.00 | Oct 24, 2025 | Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12114 | 0.00 | — | 0.00 | Oct 23, 2025 | Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12104 | 0.00 | — | 0.00 | Oct 23, 2025 | Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12031 | 0.00 | — | 0.00 | Oct 21, 2025 | HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-12001 | 0.00 | — | 0.00 | Oct 20, 2025 | Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-11925 | 0.00 | — | 0.00 | Oct 17, 2025 | Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2025-11832 | 0.00 | — | 0.00 | Oct 15, 2025 | Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||
| CVE-2018-1000625 | 0.00 | — | 0.02 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system. | |||
| CVE-2018-1000628 | 0.00 | — | 0.03 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when… | |||
| CVE-2018-1000631 | 0.00 | — | 0.02 | Dec 28, 2018 | Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the… | |||
| CVE-2018-1000626 | 0.00 | — | 0.03 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain… | |||
| CVE-2018-1000627 | 0.00 | — | 0.02 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. | |||
| CVE-2018-1000630 | 0.00 | — | 0.02 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add,… | |||
| CVE-2018-1000629 | 0.00 | — | 0.01 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username… | |||
| CVE-2018-1000624 | 0.00 | — | 0.02 | Dec 28, 2018 | Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system. |
- CVE-2025-12603Nov 1, 2025risk 0.00cvss —epss 0.00
/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12602Nov 1, 2025risk 0.00cvss —epss 0.00
/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12601Nov 1, 2025risk 0.00cvss —epss 0.00
Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12600Nov 1, 2025risk 0.00cvss —epss 0.00
Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12599Nov 1, 2025risk 0.00cvss —epss 0.00
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12554Oct 31, 2025risk 0.00cvss —epss 0.00
Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12553Oct 31, 2025risk 0.00cvss —epss 0.00
Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12552Oct 31, 2025risk 0.00cvss —epss 0.00
Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12517Oct 30, 2025risk 0.00cvss —epss 0.00
Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12516Oct 30, 2025risk 0.00cvss —epss 0.00
Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12515Oct 30, 2025risk 0.00cvss —epss 0.00
Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12479Oct 29, 2025risk 0.00cvss —epss 0.00
Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12478Oct 29, 2025risk 0.00cvss —epss 0.00
Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12477Oct 29, 2025risk 0.00cvss —epss 0.00
Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12476Oct 29, 2025risk 0.00cvss —epss 0.00
Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12425Oct 28, 2025risk 0.00cvss —epss 0.00
Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12424Oct 28, 2025risk 0.00cvss —epss 0.00
Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12423Oct 28, 2025risk 0.00cvss —epss 0.00
Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
- CVE-2025-12422Oct 28, 2025risk 0.00cvss —epss 0.00
Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12365Oct 27, 2025risk 0.00cvss —epss 0.00
Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12364Oct 27, 2025risk 0.00cvss —epss 0.00
Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12363Oct 27, 2025risk 0.00cvss —epss 0.00
Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12285Oct 26, 2025risk 0.00cvss —epss 0.00
Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12284Oct 26, 2025risk 0.00cvss —epss 0.00
Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12275Oct 26, 2025risk 0.00cvss —epss 0.01
Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12278Oct 26, 2025risk 0.00cvss —epss 0.00
Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12221Oct 25, 2025risk 0.00cvss —epss 0.00
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12220Oct 25, 2025risk 0.00cvss —epss 0.00
Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12219Oct 25, 2025risk 0.00cvss —epss 0.00
Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12218Oct 25, 2025risk 0.00cvss —epss 0.00
Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12217Oct 25, 2025risk 0.00cvss —epss 0.00
SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12216Oct 25, 2025risk 0.00cvss —epss 0.00
Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12176Oct 24, 2025risk 0.00cvss —epss 0.00
Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12114Oct 23, 2025risk 0.00cvss —epss 0.00
Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12104Oct 23, 2025risk 0.00cvss —epss 0.00
Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12031Oct 21, 2025risk 0.00cvss —epss 0.00
HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-12001Oct 20, 2025risk 0.00cvss —epss 0.00
Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-11925Oct 17, 2025risk 0.00cvss —epss 0.00
Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2025-11832Oct 15, 2025risk 0.00cvss —epss 0.00
Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
- CVE-2018-1000625Dec 28, 2018risk 0.00cvss —epss 0.02
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.
- CVE-2018-1000628Dec 28, 2018risk 0.00cvss —epss 0.03
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when…
- CVE-2018-1000631Dec 28, 2018risk 0.00cvss —epss 0.02
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the…
- CVE-2018-1000626Dec 28, 2018risk 0.00cvss —epss 0.03
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain…
- CVE-2018-1000627Dec 28, 2018risk 0.00cvss —epss 0.02
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.
- CVE-2018-1000630Dec 28, 2018risk 0.00cvss —epss 0.02
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add,…
- CVE-2018-1000629Dec 28, 2018risk 0.00cvss —epss 0.01
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username…
- CVE-2018-1000624Dec 28, 2018risk 0.00cvss —epss 0.02
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.