Skip to main content

Orvc

8 CVEs product

Monthly

CVE-2023-25183 HIGH This Week

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-31245 MEDIUM This Month

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Orvc
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31241 CRITICAL Act Now

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orvc
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-31240 CRITICAL Act Now

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-31193 HIGH This Week

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28649 HIGH This Week

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28412 MEDIUM This Month

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28386 CRITICAL Act Now

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Orvc
NVD
CVSS 3.1
9.8
EPSS
0.4%
EPSS 1% CVSS 7.2
HIGH This Week

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Orvc
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orvc
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Orvc
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy