Generex
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-47190 | Cri | 0.65 | 10.0 | 0.02 | Mar 31, 2023 | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | ||
| CVE-2022-42457 | Cri | 0.59 | 9.1 | 0.02 | Oct 6, 2022 | Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh). | ||
| CVE-2022-47192 | Hig | 0.57 | 8.8 | 0.01 | Mar 31, 2023 | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. | ||
| CVE-2022-47186 | Hig | 0.49 | 7.5 | 0.01 | Sep 28, 2023 | There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. | ||
| CVE-2022-47189 | Hig | 0.49 | 7.5 | 0.01 | Mar 31, 2023 | Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. | ||
| CVE-2022-47188 | Hig | 0.49 | 7.5 | 0.01 | Mar 31, 2023 | There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. | ||
| CVE-2022-47187 | Med | 0.34 | 5.3 | 0.00 | Sep 28, 2023 | There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. | ||
| CVE-2022-47191 | Med | 0.28 | 4.3 | 0.01 | Mar 31, 2023 | Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. |
- risk 0.65cvss 10.0epss 0.02
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
- risk 0.59cvss 9.1epss 0.02
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).
- risk 0.57cvss 8.8epss 0.01
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.
- risk 0.49cvss 7.5epss 0.01
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
- risk 0.49cvss 7.5epss 0.01
Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.
- risk 0.49cvss 7.5epss 0.01
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
- risk 0.34cvss 5.3epss 0.00
There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.
- risk 0.28cvss 4.3epss 0.01
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.