Pixera Two Media Server
Monthly
Path traversal vulnerability in AV Stumpfl Pixera Two Media Server up to version 25.1 R2 allows adjacent network attackers to access arbitrary files via manipulation of an unknown function on Service Port 1338. The vulnerability has a low CVSS score of 2.1 due to adjacency requirement (AV:A) and confidentiality-only impact, but publicly available exploit code exists and the vendor has released a patch in version 25.2 R3.
Code injection via Websocket API in AV Stumpfl Pixera Two Media Server ≤25.2 R2 allows unauthenticated remote attackers to execute arbitrary code with low complexity. Publicly available exploit code (GitHub Gist) enables network-based compromise with partial impact to confidentiality, integrity, and availability (CVSS:3.1/C:L/I:L/A:L). Vendor-released patch version 25.2 R3 addresses the vulnerability. Despite network vector and proof-of-concept availability, no CISA KEV listing or EPSS data indicates limited observed exploitation at time of analysis.
Path traversal vulnerability in AV Stumpfl Pixera Two Media Server up to version 25.1 R2 allows adjacent network attackers to access arbitrary files via manipulation of an unknown function on Service Port 1338. The vulnerability has a low CVSS score of 2.1 due to adjacency requirement (AV:A) and confidentiality-only impact, but publicly available exploit code exists and the vendor has released a patch in version 25.2 R3.
Code injection via Websocket API in AV Stumpfl Pixera Two Media Server ≤25.2 R2 allows unauthenticated remote attackers to execute arbitrary code with low complexity. Publicly available exploit code (GitHub Gist) enables network-based compromise with partial impact to confidentiality, integrity, and availability (CVSS:3.1/C:L/I:L/A:L). Vendor-released patch version 25.2 R3 addresses the vulnerability. Despite network vector and proof-of-concept availability, no CISA KEV listing or EPSS data indicates limited observed exploitation at time of analysis.