Skip to main content

Solarview Compact Firmware

7 CVEs product

Monthly

CVE-2023-46509 CRITICAL Act Now

An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40924 HIGH POC This Week

SolarView Compact < 6.00 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Solarview Compact Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2023-29919 CRITICAL POC THREAT Act Now

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
60.2%
CVE-2023-23333 CRITICAL POC THREAT Emergency

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Solarview Compact Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.3%
CVE-2022-44355 MEDIUM POC This Month

SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Solarview Compact Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-44354 CRITICAL POC Act Now

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-40881 CRITICAL POC THREAT Act Now

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
29.5%
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

SolarView Compact < 6.00 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Solarview Compact Firmware
NVD GitHub
EPSS 60% CVSS 9.1
CRITICAL POC THREAT Act Now

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Solarview Compact Firmware
NVD GitHub
EPSS 99% CVSS 9.8
CRITICAL POC THREAT Emergency

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Solarview Compact Firmware
NVD GitHub Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via /network_test.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Solarview Compact Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Solarview Compact Firmware
NVD GitHub
EPSS 29% CVSS 9.8
CRITICAL POC THREAT Act Now

SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Solarview Compact Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy