Skip to main content

Nexo Os

25 CVEs product

Monthly

CVE-2023-48266 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48265 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48264 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48263 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Heap Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48262 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-48261 MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48260 MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48259 MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48258 MEDIUM This Month

The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Nexo Os
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-48257 HIGH This Week

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Nexo Os
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-48256 MEDIUM This Month

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-48255 MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-48254 MEDIUM This Month

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-48253 HIGH This Week

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48252 HIGH This Week

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-48251 HIGH This Week

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2023-48250 HIGH This Week

The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-48249 MEDIUM This Month

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-48248 MEDIUM This Month

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48247 MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48246 MEDIUM This Month

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-48245 MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-48244 MEDIUM This Month

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-48243 HIGH This Week

The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Nexo Os
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2023-48242 MEDIUM This Month

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 2% CVSS 8.1
HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Stack Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Nexo Os
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Nexo Os
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Nexo Os
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
EPSS 3% CVSS 8.1
HIGH This Week

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Nexo Os
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Nexo Os
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy