Copeland Xweb 300D Pro vulnerabilities
23 known vulnerabilities affecting copeland/copeland_xweb_300d_pro.
Total CVEs
23
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH17MEDIUM1
Vulnerabilities
Page 1 of 2
CVE-2026-24663P2CRITICALCVSS 9.8≤ 1.12.12026-02-27
CVE-2026-24663 [CRITICAL] CWE-78 CVE-2026-24663: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unau
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an unauthenticated attacker to achieve remote code
execution on the system by sending a crafted request to the libraries
installation route and injecting malicious input into the request body.
nvd
CVE-2026-20764P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-20764 [HIGH] CWE-78 CVE-2026-20764: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
providing malicious input via the device hostname configuration which
is later processed during system setup, resulting in remote code
execution.
nvd
CVE-2026-25721P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-25721 [HIGH] CWE-78 CVE-2026-25721: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the server username and/or password
fields of the restore action in the API V1 route.
nvd
CVE-2026-25196P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-25196 [HIGH] CWE-78 CVE-2026-25196: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the Wi-Fi SSID and/or password fields
can lead to remote code execution when the configuration is processed.
nvd
CVE-2026-23702P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-23702 [HIGH] CWE-78 CVE-2026-23702: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
sending malicious input injected into the server username field of the
import preconfiguration action in the API V1 route.
nvd
CVE-2026-25037P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-25037 [HIGH] CWE-78 CVE-2026-25037: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
configuring a maliciously crafted LCD state which is later processed
during system setup, enabling remote code execution.
nvd
CVE-2026-24452P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-24452 [HIGH] CWE-78 CVE-2026-24452: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
supplying a crafted template file to the devices route.
nvd
CVE-2026-25105P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-25105 [HIGH] CWE-78 CVE-2026-25105: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into parameters of the Modbus command tool in
the debug route.
nvd
CVE-2026-21718P2CRITICALCVSS 9.8≤ 1.12.12026-02-27
CVE-2026-21718 [CRITICAL] CWE-327 CVE-2026-21718: An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabli
An authentication bypass vulnerability exists in Copeland XWEB Pro
version 1.12.1 and prior, enabling any attackers to bypass the
authentication requirement and achieve pre-authenticated code execution
on the system.
nvd
CVE-2026-3037P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-3037 [HIGH] CWE-78 CVE-2026-3037: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an auth
An OS command injection vulnerability exists in XWEB Pro version 1.12.1
and prior, enabling an authenticated attacker to achieve remote code
execution on the system by modifying malicious input injected into the
MBird SMS service URL and/or code via the utility route which is later
processed during system setup, leading to remote code execution.
nvd
CVE-2026-24689P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-24689 [HIGH] CWE-78 CVE-2026-24689: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the devices field of the firmware update
apply action.
nvd
CVE-2026-21389P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-21389 [HIGH] CWE-78 CVE-2026-21389: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the request body sent to the contacts
import route.
nvd
CVE-2026-25109P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-25109 [HIGH] CWE-78 CVE-2026-25109: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an a
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the devices field when accessing the get
setup route.
nvd
CVE-2026-25111P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-25111 [HIGH] CWE-78 CVE-2026-25111: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into requests sent to the restore route.
nvd
CVE-2026-20910P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-20910 [HIGH] CWE-78 CVE-2026-20910: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an aut
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the devices field of the firmware update action to achieve remote code execution.
nvd
CVE-2026-20742P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-20742 [HIGH] CWE-78 CVE-2026-20742: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an au
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into requests sent to the templates route.
nvd
CVE-2026-24695P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-24695 [HIGH] CWE-78 CVE-2026-24695: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into OpenSSL argument fields within requests
sent to the utility route, leading to remote code execution.
nvd
CVE-2026-20902P2HIGHCVSS 8.8≤ 1.12.12026-02-27
CVE-2026-20902 [HIGH] CWE-78 CVE-2026-20902: An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
injecting malicious input into the map filename field during the map
upload action of the parameters route.
nvd
CVE-2026-20797P2CRITICALCVSS 9.8≤ 1.12.12026-02-27
CVE-2026-20797 [CRITICAL] CWE-787 CVE-2026-20797: A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling
A stack based buffer overflow exists in an API route of XWEB Pro version
1.12.1 and prior, enabling unauthenticated attackers to cause stack
corruption and a termination of the program.
nvd
CVE-2026-25085P2CRITICALCVSS 9.8≤ 1.12.12026-02-27
CVE-2026-25085 [CRITICAL] CWE-394 CVE-2026-25085: A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return
A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in
which an unexpected return value from the authentication routine is
later on processed as a legitimate value, resulting in an authentication
bypass.
nvd
1 / 2Next →