Milesight Devicehub vulnerabilities
6 known vulnerabilities affecting milesight/devicehub.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-36388P2CRITICALCVSS 9.8v3.0.1-r1≥ v3.0.1-r1 for Ubuntu 20.04, < Upgrade to the latest version.2024-06-02
CVE-2024-36388 [CRITICAL] CWE-305 CVE-2024-36388: MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function
MileSight DeviceHub -
CWE-305 Missing Authentication for Critical Function
nvd
CVE-2024-36389P2CRITICALCVSS 9.8v3.0.1-r1≥ v3.0.1-r1 for Ubuntu 20.04, < Upgrade to the latest version.2024-06-02
CVE-2024-36389 [CRITICAL] CWE-330 CVE-2024-36389: MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Byp
MileSight DeviceHub -
CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
nvd
CVE-2024-27776P3CRITICALCVSS 9.8v3.0.1-r1≥ v3.0.1-r1 for Ubuntu 20.04, < Upgrade to the latest version.2024-06-02
CVE-2024-27776 [CRITICAL] CWE-22 CVE-2024-27776: MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Tr
MileSight DeviceHub -
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE
nvd
CVE-2024-36391P3HIGHCVSS 7.4v3.0.1-r1≥ v3.0.1-r1 for Ubuntu 20.04, < Upgrade to the latest version.2024-06-02
CVE-2024-36391 [HIGH] CWE-320 CVE-2024-36391: MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-
MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic
nvd
CVE-2024-36390P3HIGHCVSS 7.5v3.0.1-r1≥ v3.0.1-r1 for Ubuntu 20.04, < Upgrade to the latest version.2024-06-02
CVE-2024-36390 [HIGH] CWE-20 CVE-2024-36390: MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service
nvd
CVE-2024-36392P4MEDIUMCVSS 6.1v3.0.1-r1≥ v3.0.1-r1 for Ubuntu 20.04, < Upgrade to the latest version.2024-06-02
CVE-2024-36392 [MEDIUM] CWE-79 CVE-2024-36392: MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-si
MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd