Uffizio
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17485 | Cri | 0.64 | 9.8 | 0.02 | Dec 16, 2023 | A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources | ||
| CVE-2020-17483 | Hig | 0.49 | 7.5 | 0.01 | Dec 16, 2023 | An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the… | ||
| CVE-2021-32927 | Hig | 0.46 | 7.1 | 0.01 | Apr 22, 2022 | An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker. | ||
| CVE-2020-17484 | Med | 0.40 | 6.1 | 0.00 | Dec 16, 2023 | An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. | ||
| CVE-2021-32929 | Med | 0.28 | 4.3 | 0.00 | Apr 22, 2022 | All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user. |
- risk 0.64cvss 9.8epss 0.02
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources
- risk 0.49cvss 7.5epss 0.01
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the…
- risk 0.46cvss 7.1epss 0.01
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.
- risk 0.40cvss 6.1epss 0.00
An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.
- risk 0.28cvss 4.3epss 0.00
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.