Rexroth Nexo Cordless Nutrunner Nxa011S-36V vulnerabilities
25 known vulnerabilities affecting rexroth/nexo_cordless_nutrunner_nxa011s-36v.
Total CVEs
25
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH9MEDIUM8
Vulnerabilities
Page 1 of 2
CVE-2023-48245P2CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48245 [CRITICAL] CWE-862 CVE-2023-48245: The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the cont
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
nvd
CVE-2023-48251P2CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48251 [CRITICAL] CWE-798 CVE-2023-48251: The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges t
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
nvd
CVE-2023-48265P2CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48265 [CRITICAL] CWE-121 CVE-2023-48265: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
nvd
CVE-2023-48264P2CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48264 [CRITICAL] CWE-121 CVE-2023-48264: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
nvd
CVE-2023-48263P2CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48263 [CRITICAL] CWE-122 CVE-2023-48263: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
nvd
CVE-2023-48262P2CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48262 [CRITICAL] CWE-121 CVE-2023-48262: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
nvd
CVE-2023-48266P2CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48266 [CRITICAL] CWE-121 CVE-2023-48266: The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
nvd
CVE-2023-48243P2HIGHCVSS 8.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48243 [HIGH] CWE-22 CVE-2023-48243: The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system unde
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
nvd
CVE-2023-48250P3CRITICALCVSS 9.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48250 [CRITICAL] CWE-798 CVE-2023-48250: The vulnerability allows a remote attacker to authenticate to the web application with high privileg
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
nvd
CVE-2023-48253P3HIGHCVSS 8.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48253 [HIGH] CWE-89 CVE-2023-48253: The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.
By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.
nvd
CVE-2023-48257P2HIGHCVSS 8.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48257 [HIGH] CWE-1391 CVE-2023-48257: The vulnerability allows a remote attacker to access sensitive data inside exported packages or obta
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup package
nvd
CVE-2023-48252P3HIGHCVSS 8.8≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48252 [HIGH] CWE-285 CVE-2023-48252: The vulnerability allows an authenticated remote attacker to perform actions exceeding their authori
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.
nvd
CVE-2023-48247P3HIGHCVSS 7.5≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48247 [HIGH] CWE-862 CVE-2023-48247: The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the contex
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
nvd
CVE-2023-48259P3HIGHCVSS 7.5≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48259 [HIGH] CWE-89 CVE-2023-48259: The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
nvd
CVE-2023-48261P3HIGHCVSS 7.5≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48261 [HIGH] CWE-89 CVE-2023-48261: The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
nvd
CVE-2023-48260P3HIGHCVSS 7.5≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48260 [HIGH] CWE-89 CVE-2023-48260: The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
nvd
CVE-2023-48246P3MEDIUMCVSS 6.5≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48246 [MEDIUM] CWE-22 CVE-2023-48246: The vulnerability allows a remote attacker to download arbitrary files in all paths of the system un
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
nvd
CVE-2023-48242P3MEDIUMCVSS 6.5≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48242 [MEDIUM] CWE-22 CVE-2023-48242: The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths o
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
nvd
CVE-2023-48249P3MEDIUMCVSS 6.5≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48249 [MEDIUM] CWE-22 CVE-2023-48249: The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to steal session cookies of other active users.
nvd
CVE-2023-48258P3HIGHCVSS 8.1≥ NEXO-OS V1000-Release, ≤ NEXO-OS V1500-SP22024-01-10
CVE-2023-48258 [HIGH] CWE-352 CVE-2023-48258: The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafte
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP
request through a victim’s session.
nvd
1 / 2Next →