Lynxtechnology Twonky Server vulnerabilities
6 known vulnerabilities affecting lynxtechnology/twonky_server.
Total CVEs: 6
CISA KEV: 0
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 3
Vulnerabilities
CVE-2025-13315 | P1 | CRITICAL | CVSS 9.8 | CWE-420 | Exploited | PoC | v8.5.2 | 2025-11-19
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
nvd
CVE-2018-7171 | P2 | HIGH | CVSS 7.5 | CWE-22 | PoC | ≥ 7.0.11, ≤ 8.5 | 2018-03-30
Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.
nvd
CVE-2025-13316 | P2 | HIGH | CVSS 8.1 | CWE-321 | PoC | v8.5.2 | 2025-11-19
Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.
nvd
CVE-2018-7203 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | ≥ 7.0.11, ≤ 8.5 | 2018-03-30
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
nvd
CVE-2018-9182 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 8.5.1 | 2018-06-08
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.
nvd
CVE-2018-9177 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 8.5.1 | 2018-06-08
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.
nvd