VYPR
Vendor

Tembria

Products
4
CVEs
8
Across products
11
Status
Private

Products

4

Recent CVEs

8
  • CVE-2024-41988CriOct 3, 2024
    risk 0.60cvss epss 0.01

    TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to…

  • CVE-2024-41987HigOct 3, 2024
    risk 0.56cvss epss 0.00

    The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in…

  • CVE-2022-2591HigAug 1, 2022
    risk 0.52cvss 7.5epss 0.06

    A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the…

  • CVE-2022-1077MedMar 29, 2022
    risk 0.35cvss 5.3epss 0.02

    A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does…

  • CVE-2022-1074MedMar 29, 2022
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input HTML Injection in the WiFi settings of the dashboard leads to html injection.

  • CVE-2010-1316Apr 14, 2010
    risk 0.04cvss epss 0.10

    Multiple stack-based buffer overflows in Tembria Server Monitor before 5.6.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted (1) GET, (2) PUT, or (3) HEAD request, as demonstrated by a malformed GET request…

  • CVE-2011-3685Sep 27, 2011
    risk 0.00cvss epss 0.00

    Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory.

  • CVE-2011-3684Sep 27, 2011
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid…