Oring Iap-420 vulnerabilities
8 known vulnerabilities affecting oring/iap-420.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-5411P2HIGHCVSS 8.8≤ 2.01e2024-05-28
CVE-2024-5411 [HIGH] CWE-78 CVE-2024-5411: Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface
Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.
nvd
CVE-2024-55547P2CRITICALCVSS 9.8≤ 2.01e2024-12-10
CVE-2024-55547 [CRITICAL] CWE-77 CVE-2024-55547: SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420:
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.
nvd
CVE-2024-55544P2HIGHCVSS 8.8≤ 2.01e2024-12-10
CVE-2024-55544 [HIGH] CWE-77 CVE-2024-55544: Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections
Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.
nvd
CVE-2022-3203P3CRITICALCVSS 9.8vFW 2.0m2022-10-21
CVE-2022-3203 [CRITICAL] CWE-912 CVE-2022-3203: On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot perman
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
nvd
CVE-2024-55548P3HIGHCVSS 7.5≤ 2.01e2024-12-10
CVE-2024-55548 [HIGH] CWE-703 CVE-2024-55548: Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue af
Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.
nvd
CVE-2024-5410P3MEDIUMCVSS 5.4≤ 2.01e2024-05-28
CVE-2024-5410 [MEDIUM] CWE-79 CVE-2024-5410: Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS)
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
nvd
CVE-2024-55546P4MEDIUMCVSS 5.4≤ 2.01e2024-12-10
CVE-2024-55546 [MEDIUM] CWE-79 CVE-2024-55546: Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS)
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
nvd
CVE-2024-55545P4MEDIUMCVSS 6.1≤ 2.01e2024-12-10
CVE-2024-55545 [MEDIUM] CWE-79 CVE-2024-55545: Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This i
Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.
nvd