Vendor
Cellinx
Products
4
CVEs
4
Across products
4
Status
Private
Products
4- 2 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-28250 | Cri | 0.64 | 9.8 | 0.03 | Nov 6, 2020 | Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. | ||
| CVE-2022-30620 | Hig | 0.53 | 8.2 | 0.00 | Jul 18, 2022 | On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Administrative Privileges which allows changing various configuration in the… | ||
| CVE-2023-23063 | Hig | 0.49 | 7.5 | 0.02 | Feb 22, 2023 | Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. | ||
| CVE-2024-24215 | Med | 0.34 | 5.3 | 0.01 | Feb 8, 2024 | An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. |
- risk 0.64cvss 9.8epss 0.03
Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side.
- risk 0.53cvss 8.2epss 0.00
On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Administrative Privileges which allows changing various configuration in the…
- risk 0.49cvss 7.5epss 0.02
Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi.
- risk 0.34cvss 5.3epss 0.01
An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.