Skip to main content

Ctrlx Hmi Web Panel Wr2110 Firmware

9 CVEs product

Monthly

CVE-2023-46102 HIGH This Week

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-45851 HIGH This Week

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-45844 MEDIUM This Month

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-45321 HIGH This Week

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-45220 HIGH This Week

The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-43488 HIGH This Week

The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41960 LOW Monitor

The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-41372 HIGH This Week

The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker -. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41255 HIGH This Week

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 8.8
HIGH This Week

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker -. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy