cbcvebase.

Marvell Qconvergeconsole vulnerabilities

27 known vulnerabilities affecting marvell/qconvergeconsole.

Total CVEs
27
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH20

Vulnerabilities

Page 1 of 2
CVE-2025-6793P1CRITICALCVSS 9.4PoC≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6793 [CRITICAL] CWE-22 CVE-2025-6793: Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Informat Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.
nvd
CVE-2020-15643P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15643 [HIGH] CWE-22 CVE-2020-15643: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue re
nvd
CVE-2020-15639P2CRITICALCVSS 9.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15639 [CRITICAL] CWE-22 CVE-2020-15639: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validation of a us
nvd
CVE-2025-6794P2CRITICALCVSS 9.8≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6794 [CRITICAL] CWE-22 CVE-2025-6794: Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vu Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveAsText met
nvd
CVE-2025-6802P2CRITICALCVSS 9.8≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6802 [CRITICAL] CWE-434 CVE-2025-6802: Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getF
nvd
CVE-2020-15645P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15645 [HIGH] CWE-434 CVE-2020-15645: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The iss
nvd
CVE-2020-17387P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-17387 [HIGH] CWE-22 CVE-2020-17387: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class.
nvd
CVE-2020-17389P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-17389 [HIGH] CWE-22 CVE-2020-17389: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue r
nvd
CVE-2020-15644P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15644 [HIGH] CWE-22 CVE-2020-15644: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The iss
nvd
CVE-2020-17388P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-17388 [HIGH] CWE-749 CVE-2020-17388: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ma This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of
nvd
CVE-2020-15642P2HIGHCVSS 8.8fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15642 [HIGH] CWE-77 CVE-2020-15642: This vulnerability allows remote attackers to execute arbitrary code on affected installations of in This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the isHPSmartComponent method of the GWTTestServic
nvd
CVE-2025-6798P2CRITICALCVSS 9.1≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6798 [CRITICAL] CWE-22 CVE-2025-6798: Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. Th Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteApp
nvd
CVE-2025-6805P2CRITICALCVSS 9.1v5.5.0.85v5.5.0.782025-07-07
CVE-2025-6805 [CRITICAL] CWE-22 CVE-2025-6805: Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerabilit Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the dele
nvd
CVE-2025-8426P2CRITICALCVSS 9.4v5.5.0.85v5.5.0.782025-07-31
CVE-2025-8426 [CRITICAL] CWE-22 CVE-2025-8426: Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-o Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulne
nvd
CVE-2020-5803P3HIGHCVSS 8.1v5.5.00.742020-12-18
CVE-2020-5803 [HIGH] CWE-22 CVE-2020-5803: Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated atta Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.
nvd
CVE-2025-6801P3HIGHCVSS 7.5≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6801 [HIGH] CWE-22 CVE-2025-6801: Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveNICPar
nvd
CVE-2025-6806P3HIGHCVSS 7.5≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6806 [HIGH] CWE-22 CVE-2025-6806: Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vu Marvell QConvergeConsole decryptFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the decryptFile method
nvd
CVE-2020-15641P3HIGHCVSS 7.5fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15641 [HIGH] CWE-22 CVE-2020-15641: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validat
nvd
CVE-2020-15640P3HIGHCVSS 7.5fixed in 5.5.00.73v5.5.0.642020-08-25
CVE-2020-15640 [HIGH] CWE-22 CVE-2020-15640: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileUploadBytes method of the FlashValidatorServiceImpl class. The issue results from the lack of proper validat
nvd
CVE-2025-6800P3HIGHCVSS 7.5≤ 5.5.0.85v5.5.0.782025-07-07
CVE-2025-6800 [HIGH] CWE-22 CVE-2025-6800: Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerabili Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the
nvd
Marvell Qconvergeconsole vulnerabilities | cvebase