A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request fr ...
Continue ReadingJanuary 31, 2023
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are ...
Continue ReadingJanuary 31, 2023
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller ...
Continue ReadingJanuary 31, 2023
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utili ...
Continue ReadingJanuary 31, 2023
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the loca ...
Continue ReadingJanuary 31, 2023
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Auto ...
Continue ReadingJanuary 31, 2023
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Prod ...
Continue ReadingJanuary 31, 2023
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause systemâs configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Req ...
Continue ReadingJanuary 31, 2023
Back to Main