Contec Sv-Cpt-Mc310F Firmware vulnerabilities
6 known vulnerabilities affecting contec/sv-cpt-mc310f_firmware.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-27521HIGHCVSS 8.8fixed in 8.102023-05-23
CVE-2023-27521 [HIGH] CWE-78 CVE-2023-27521: OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versio
OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command.
nvd
CVE-2023-27518HIGHCVSS 8.8fixed in 8.102023-05-23
CVE-2023-27518 [HIGH] CWE-120 CVE-2023-27518: Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versio
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.
nvd
CVE-2023-27514HIGHCVSS 8.8fixed in 8.102023-05-23
CVE-2023-27514 [HIGH] CWE-78 CVE-2023-27514: OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions p
OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.
nvd
CVE-2023-27512HIGHCVSS 7.2fixed in 8.102023-05-23
CVE-2023-27512 [HIGH] CWE-798 CVE-2023-27512: Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, a
Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.
nvd
CVE-2023-27920MEDIUMCVSS 4.3fixed in 8.102023-05-23
CVE-2023-27920 [MEDIUM] CWE-863 CVE-2023-27920: Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-C
Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.
nvd
CVE-2022-35239HIGHCVSS 8.8fixed in 7.242022-08-16
CVE-2022-35239 [HIGH] CWE-20 CVE-2022-35239: The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC
The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.
nvd