Contec Solarview Compact Firmware vulnerabilities
7 known vulnerabilities affecting contec/solarview_compact_firmware.
Total CVEs: 7
CISA KEV: 0
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 5, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-23333 [CRITICAL] CWE-77 | P1 | CVSS 9.8 | Exploited | PoC | ≤ 6.00 | 2023-02-06
There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php.
nvd
CVE-2023-29919 [CRITICAL] CWE-276 | P1 | CVSS 9.1 | Exploited | PoC | ≤ 6.0 | 2023-05-23
SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.
nvd
CVE-2022-40881 [CRITICAL] CWE-77 | P1 | CVSS 9.8 | Exploited | PoC | v6.00 | 2022-11-17
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php.
nvd
CVE-2022-44354 [CRITICAL] CWE-434 | P1 | CVSS 9.8 | Exploited | PoC | v4.0, v5.0 | 2022-11-29
SolarView Compact 4.0 and 5.0 are vulnerable to Unrestricted File Upload via a crafted PHP file.
nvd
CVE-2023-40924 [HIGH] CWE-22 | P3 | CVSS 7.5 | PoC | fixed in 6.0 | 2023-09-08
SolarView Compact < 6.00 is vulnerable to Directory Traversal.
nvd
CVE-2023-46509 [CRITICAL] CWE-94 | P3 | CVSS 9.8 | ≤ 6.0 | 2023-10-27
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.
nvd
CVE-2022-44355 [MEDIUM] CWE-79 | P4 | CVSS 6.1 | v7.0 | 2022-11-29
SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php.
nvd