Zultys Mx-E Firmware vulnerabilities
3 known vulnerabilities affecting zultys/mx-e_firmware.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2023-43742 | P2 | CRITICAL | CVSS 9.8 | CWE-287 | fixed in 16.0.4 | ≥ 17.0.6, < 17.0.10 | 2023-12-08
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Win
nvd
CVE-2023-43743 | P3 | HIGH | CVSS 8.8 | CWE-89 | fixed in 16.0.4 | ≥ 17.0.6, < 17.0.10 | 2023-12-08
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.
nvd
CVE-2023-43744 | P3 | HIGH | CVSS 7.2 | CWE-78 | fixed in 16.0.4 | ≥ 17.0.6, < 17.0.10 | 2023-12-08
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section
nvd