VYPR

Vendor CVEs

Azure Access Technology

All CVEs

47 total · sorted by risk
  • CVE-2025-12603Nov 1, 2025
    risk 0.00cvss epss 0.00

    /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12602Nov 1, 2025
    risk 0.00cvss epss 0.00

    /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12601Nov 1, 2025
    risk 0.00cvss epss 0.00

    Denial of Service Due to SlowLoris.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12600Nov 1, 2025
    risk 0.00cvss epss 0.00

    Web UI Malfunction when setting unexpected locale via API.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12599Nov 1, 2025
    risk 0.00cvss epss 0.00

    Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12554Oct 31, 2025
    risk 0.00cvss epss 0.00

    Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12553Oct 31, 2025
    risk 0.00cvss epss 0.00

    Email Server Certificate Verification Disabled.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12552Oct 31, 2025
    risk 0.00cvss epss 0.00

    Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12517Oct 30, 2025
    risk 0.00cvss epss 0.00

    Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12516Oct 30, 2025
    risk 0.00cvss epss 0.00

    Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12515Oct 30, 2025
    risk 0.00cvss epss 0.00

    Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12479Oct 29, 2025
    risk 0.00cvss epss 0.00

    Systemic Lack of Cross-Site Request Forgery (CSRF) Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12478Oct 29, 2025
    risk 0.00cvss epss 0.00

    Non-Compliant TLS Configuration.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12477Oct 29, 2025
    risk 0.00cvss epss 0.00

    Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12476Oct 29, 2025
    risk 0.00cvss epss 0.00

    Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12425Oct 28, 2025
    risk 0.00cvss epss 0.00

    Local Privilege Escalation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12424Oct 28, 2025
    risk 0.00cvss epss 0.00

    Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12423Oct 28, 2025
    risk 0.00cvss epss 0.00

    Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

  • CVE-2025-12422Oct 28, 2025
    risk 0.00cvss epss 0.00

    Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12365Oct 27, 2025
    risk 0.00cvss epss 0.00

    Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12364Oct 27, 2025
    risk 0.00cvss epss 0.00

    Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12363Oct 27, 2025
    risk 0.00cvss epss 0.00

    Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12285Oct 26, 2025
    risk 0.00cvss epss 0.00

    Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12284Oct 26, 2025
    risk 0.00cvss epss 0.00

    Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12275Oct 26, 2025
    risk 0.00cvss epss 0.01

    Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12278Oct 26, 2025
    risk 0.00cvss epss 0.00

    Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12221Oct 25, 2025
    risk 0.00cvss epss 0.00

    Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12220Oct 25, 2025
    risk 0.00cvss epss 0.00

    Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12219Oct 25, 2025
    risk 0.00cvss epss 0.00

    Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12218Oct 25, 2025
    risk 0.00cvss epss 0.00

    Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12217Oct 25, 2025
    risk 0.00cvss epss 0.00

    SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12216Oct 25, 2025
    risk 0.00cvss epss 0.00

    Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12176Oct 24, 2025
    risk 0.00cvss epss 0.00

    Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12114Oct 23, 2025
    risk 0.00cvss epss 0.00

    Enabled serial console could potentially leak information that might help attacker to find vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12104Oct 23, 2025
    risk 0.00cvss epss 0.00

    Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12031Oct 21, 2025
    risk 0.00cvss epss 0.00

    HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the javascript contextThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-12001Oct 20, 2025
    risk 0.00cvss epss 0.00

    Lack of application manifest sanitation could lead to potential stored XSS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-11925Oct 17, 2025
    risk 0.00cvss epss 0.00

    Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2025-11832Oct 15, 2025
    risk 0.00cvss epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

  • CVE-2018-1000625Dec 28, 2018
    risk 0.00cvss epss 0.02

    Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.

  • CVE-2018-1000628Dec 28, 2018
    risk 0.00cvss epss 0.03

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when…

  • CVE-2018-1000631Dec 28, 2018
    risk 0.00cvss epss 0.02

    Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the…

  • CVE-2018-1000626Dec 28, 2018
    risk 0.00cvss epss 0.03

    Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain…

  • CVE-2018-1000627Dec 28, 2018
    risk 0.00cvss epss 0.02

    Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.

  • CVE-2018-1000630Dec 28, 2018
    risk 0.00cvss epss 0.02

    Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add,…

  • CVE-2018-1000629Dec 28, 2018
    risk 0.00cvss epss 0.01

    Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username…

  • CVE-2018-1000624Dec 28, 2018
    risk 0.00cvss epss 0.02

    Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.