Amttgroup Hibos vulnerabilities
10 known vulnerabilities affecting amttgroup/hibos.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-2701P2CRITICALCVSS 9.8v1.02025-03-24
CVE-2025-2701 [CRITICAL] CWE-77 CVE-2025-2701: A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This
A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. The attack can be initiated remotely. The ex
nvd
CVE-2025-3983P2HIGHCVSS 7.2v1.02025-04-27
CVE-2025-3983 [HIGH] CWE-74 CVE-2025-3983: A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critic
A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the p
nvd
CVE-2025-12253P3CRITICALCVSS 9.8v1.02025-10-27
CVE-2025-12253 [CRITICAL] CWE-74 CVE-2025-12253: A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulner
A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendo
nvd
CVE-2024-11051P3HIGHCVSS 8.8≤ 3.0.3.1512042024-11-10
CVE-2024-11051 [HIGH] CWE-74 CVE-2024-11051: A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been c
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument AccountID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th
nvd
CVE-2023-6647P3CRITICALCVSS 9.8v1.02023-12-10
CVE-2023-6647 [CRITICAL] CWE-89 CVE-2023-6647: A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by thi
A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340.
nvd
CVE-2025-13123P3CRITICALCVSS 9.8v1.02025-11-13
CVE-2025-13123 [CRITICAL] CWE-74 CVE-2025-13123: A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unkno
A flaw has been found in AMTT Hotel Broadband Operation System 1.0. The impacted element is an unknown function of the file /user/portal/get_firstdate.php. Executing manipulation of the argument uid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early
nvd
CVE-2024-41476P3CRITICALCVSS 9.8≤ 3.0.3.1512042024-08-12
CVE-2024-41476 [CRITICAL] CWE-79 CVE-2024-41476: AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injectio
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
nvd
CVE-2025-14090P3HIGHCVSS 7.2v1.02025-12-05
CVE-2025-14090 [HIGH] CWE-74 CVE-2025-14090: A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an un
A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was
nvd
CVE-2024-39072P4MEDIUMCVSS 5.5v3.0.3.1512042024-07-09
CVE-2024-39072 [MEDIUM] CWE-89 CVE-2024-39072: AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manag
AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php.
nvd
CVE-2024-11050P4MEDIUMCVSS 5.4≤ 3.0.3.1512042024-11-10
CVE-2024-11050 [MEDIUM] CWE-79 CVE-2024-11050: A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the
nvd