Cellopoint Celloos vulnerabilities
4 known vulnerabilities affecting cellopoint/celloos.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-12059P2HIGHCVSS 8.8fixed in 4.8.0 Build 202603162026-06-12
CVE-2026-12059 [HIGH] CWE-1284 CVE-2026-12059: The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, all
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.
nvd
CVE-2020-17384P3HIGHCVSS 7.2≤ v4.1.10 Build 201909222020-08-25
CVE-2020-17384 [HIGH] CWE-78 CVE-2020-17384: Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie o
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
nvd
CVE-2020-17385P3HIGHCVSS 7.5≤ v4.1.10 Build 201909222020-08-25
CVE-2020-17385 [HIGH] CWE-22 CVE-2020-17385: Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unau
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
nvd
CVE-2020-17386P3MEDIUMCVSS 6.5≤ v4.1.10 Build 201909222020-08-25
CVE-2020-17386 [MEDIUM] CWE-918 CVE-2020-17386: Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.
nvd