Marvell Qconvergeconsole vulnerabilities
27 known vulnerabilities affecting marvell/qconvergeconsole.
Total CVEs
27
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH20
Vulnerabilities
Page 1 of 2
CVE-2025-6793P1CRITICALCVSS 9.4PoC≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6793 [CRITICAL] CWE-22 CVE-2025-6793: Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Informat
Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
nvd
CVE-2020-15643P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15643 [HIGH] CWE-22 CVE-2020-15643: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue re
nvd
CVE-2020-15639P2CRITICALCVSS 9.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15639 [CRITICAL] CWE-22 CVE-2020-15639: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a us
nvd
CVE-2025-6794P2CRITICALCVSS 9.8≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6794 [CRITICAL] CWE-22 CVE-2025-6794: Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vu
Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the saveAsText met
nvd
CVE-2025-6802P2CRITICALCVSS 9.8≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6802 [CRITICAL] CWE-434 CVE-2025-6802: Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the getF
nvd
CVE-2020-15645P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15645 [HIGH] CWE-434 CVE-2020-15645: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The iss
nvd
CVE-2020-17387P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-17387 [HIGH] CWE-22 CVE-2020-17387: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class.
nvd
CVE-2020-17389P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-17389 [HIGH] CWE-22 CVE-2020-17389: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue r
nvd
CVE-2020-15644P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15644 [HIGH] CWE-22 CVE-2020-15644: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The iss
nvd
CVE-2020-17388P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-17388 [HIGH] CWE-749 CVE-2020-17388: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of
nvd
CVE-2020-15642P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15642 [HIGH] CWE-77 CVE-2020-15642: This vulnerability allows remote attackers to execute arbitrary code on affected installations of in
This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServic
nvd
CVE-2025-6798P2CRITICALCVSS 9.1≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6798 [CRITICAL] CWE-22 CVE-2025-6798: Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. Th
Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the deleteApp
nvd
CVE-2025-6805P2CRITICALCVSS 9.1v5.5.0.85v5.5.0.782025-07-07
CVE-2025-6805 [CRITICAL] CWE-22 CVE-2025-6805: Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerabilit
Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the dele
nvd
CVE-2025-8426P2CRITICALCVSS 9.4v5.5.0.85v5.5.0.782025-07-31
CVE-2025-8426 [CRITICAL] CWE-22 CVE-2025-8426: Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-o
Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulne
nvd
CVE-2020-5803P3HIGHCVSS 8.1v5.5.00.742020-12-18
CVE-2020-5803 [HIGH] CWE-22 CVE-2020-5803: Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated atta
Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.
nvd
CVE-2025-6801P3HIGHCVSS 7.5≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6801 [HIGH] CWE-22 CVE-2025-6801: Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability.
Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the saveNICPar
nvd
CVE-2025-6806P3HIGHCVSS 7.5≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6806 [HIGH] CWE-22 CVE-2025-6806: Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vu
Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the decryptFile method
nvd
CVE-2020-15641P3HIGHCVSS 7.5fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15641 [HIGH] CWE-22 CVE-2020-15641: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validat
nvd
CVE-2020-15640P3HIGHCVSS 7.5fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15640 [HIGH] CWE-22 CVE-2020-15640: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validat
nvd
CVE-2025-6800P3HIGHCVSS 7.5≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6800 [HIGH] CWE-22 CVE-2025-6800: Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerabili
Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the
nvd
1 / 2Next →