Mici Network Co Ltd Netfax Server vulnerabilities
3 known vulnerabilities affecting mici_network_co_ltd/netfax_server.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-48047P2CRITICALCVSS 9.4fixed in 3.0.1.02025-05-29
CVE-2025-48047 [CRITICAL] CWE-78 CVE-2025-48047: An authenticated user can perform command injection via unsanitized input to the NetFax Server’s pin
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.
nvd
CVE-2025-48045P3HIGHCVSS 8.7fixed in 3.0.1.02025-05-29
CVE-2025-48045 [HIGH] CWE-201 CVE-2025-48045: An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administra
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
nvd
CVE-2025-48046P4MEDIUMCVSS 5.3fixed in 3.0.1.02025-05-29
CVE-2025-48046 [MEDIUM] CWE-256 CVE-2025-48046: An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GE
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
nvd