Skip to main content

Remote Collector

2 CVEs product

Monthly

CVE-2026-31985 HIGH PATCH This Week

Man-in-the-middle exposure in Nozomi Networks Remote Collector arises because configuring an upstream Guardian or CMC through the n2os-tui interface generates a configuration that disables TLS certificate verification, with no option to re-enable it. Any attacker positioned on the network path between the Remote Collector and its Guardian/CMC can intercept the channel to steal the sync token, impersonate the server, inject spoofed asset or vulnerability data, or disrupt telemetry flow. There is no public exploit identified at time of analysis, and the issue is not on CISA KEV; the vendor (Nozomi) self-reported it.

Code Injection Remote Collector
NVD VulDB
CVSS 4.0
8.3
EPSS
0.1%
CVE-2021-41315 HIGH This Week

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Remote Collector
NVD
CVSS 3.1
8.8
EPSS
1.3%
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Man-in-the-middle exposure in Nozomi Networks Remote Collector arises because configuring an upstream Guardian or CMC through the n2os-tui interface generates a configuration that disables TLS certificate verification, with no option to re-enable it. Any attacker positioned on the network path between the Remote Collector and its Guardian/CMC can intercept the channel to steal the sync token, impersonate the server, inject spoofed asset or vulnerability data, or disrupt telemetry flow. There is no public exploit identified at time of analysis, and the issue is not on CISA KEV; the vendor (Nozomi) self-reported it.

Code Injection Remote Collector
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Remote Collector
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy