VYPR
Vendor

KramerAV

Products
3
CVEs
8
Across products
10
Status
Private

Products

3

Recent CVEs

8
  • CVE-2021-35064CriJul 12, 2021
    risk 0.72cvss 9.8epss 0.71

    KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.

  • CVE-2021-36356CriAug 31, 2021
    risk 0.71cvss 9.8epss 0.54

    KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an…

  • CVE-2019-17124CriOct 9, 2019
    risk 0.69cvss 9.8epss 0.23

    Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

  • CVE-2023-33509CriMay 31, 2023
    risk 0.64cvss 9.8epss 0.01

    KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.

  • CVE-2023-33508CriMay 31, 2023
    risk 0.64cvss 9.8epss 0.01

    KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE).

  • CVE-2023-33468CriAug 9, 2023
    risk 0.59cvss 9.1epss 0.01

    KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly…

  • CVE-2023-33469HigAug 9, 2023
    risk 0.51cvss 7.8epss 0.00

    In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.

  • CVE-2023-33507HigMay 31, 2023
    risk 0.49cvss 7.5epss 0.01

    KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.