Skip to main content

Exvf5C 2 Firmware

4 CVEs product

Monthly

CVE-2020-24054 CRITICAL POC Act Now

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-24053 HIGH POC This Week

Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-24052 CRITICAL POC Act Now

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2020-24051 CRITICAL POC Act Now

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Exvf5C 2 Firmware Exvp7C2 3 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy