Skip to main content

Devicehub

6 CVEs product

Monthly

CVE-2024-36392 MEDIUM This Month

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Devicehub
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36391 HIGH This Week

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Devicehub
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-36390 HIGH This Week

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Devicehub
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36389 CRITICAL Act Now

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Devicehub
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36388 CRITICAL Act Now

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Devicehub
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-27776 CRITICAL Act Now

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Devicehub
NVD
CVSS 3.1
9.8
EPSS
0.6%
EPSS 0% CVSS 6.1
MEDIUM This Month

MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Devicehub
NVD
EPSS 0% CVSS 7.4
HIGH This Week

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Devicehub
NVD
EPSS 0% CVSS 7.5
HIGH This Week

MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Devicehub
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Devicehub
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Devicehub
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Devicehub
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy