Tembria
Products
4- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41988 | Cri | 0.60 | — | 0.01 | Oct 3, 2024 | TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to… | ||
| CVE-2024-41987 | Hig | 0.56 | — | 0.00 | Oct 3, 2024 | The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in… | ||
| CVE-2022-2591 | Hig | 0.52 | 7.5 | 0.06 | Aug 1, 2022 | A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the… | ||
| CVE-2022-1077 | Med | 0.35 | 5.3 | 0.02 | Mar 29, 2022 | A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does… | ||
| CVE-2022-1074 | Med | 0.28 | 4.3 | 0.00 | Mar 29, 2022 | A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input HTML Injection in the WiFi settings of the dashboard leads to html injection. | ||
| CVE-2010-1316 | 0.04 | — | 0.10 | Apr 14, 2010 | Multiple stack-based buffer overflows in Tembria Server Monitor before 5.6.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted (1) GET, (2) PUT, or (3) HEAD request, as demonstrated by a malformed GET request… | |||
| CVE-2011-3685 | 0.00 | — | 0.00 | Sep 27, 2011 | Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory. | |||
| CVE-2011-3684 | 0.00 | — | 0.01 | Sep 27, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid… |
- risk 0.60cvss —epss 0.01
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to…
- risk 0.56cvss —epss 0.00
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in…
- risk 0.52cvss 7.5epss 0.06
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the…
- risk 0.35cvss 5.3epss 0.02
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input HTML Injection in the WiFi settings of the dashboard leads to html injection.
- CVE-2010-1316Apr 14, 2010risk 0.04cvss —epss 0.10
Multiple stack-based buffer overflows in Tembria Server Monitor before 5.6.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted (1) GET, (2) PUT, or (3) HEAD request, as demonstrated by a malformed GET request…
- CVE-2011-3685Sep 27, 2011risk 0.00cvss —epss 0.00
Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory.
- CVE-2011-3684Sep 27, 2011risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid…