Skip to main content

Tbox Lt2 Firmware

6 CVEs product

Monthly

CVE-2023-3395 MEDIUM This Month

​All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36611 MEDIUM This Month

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-36610 MEDIUM This Month

​The affected TBox RTUs generate software security tokens using insufficient entropy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-36609 HIGH This Week

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-36608 MEDIUM This Month

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-36607 MEDIUM This Month

The affected TBox RTUs are missing authorization for running some API commands. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM This Month

​All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware +3
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

​The affected TBox RTUs generate software security tokens using insufficient entropy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware +3
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The affected TBox RTUs are missing authorization for running some API commands. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy