Wise 4010lan Firmware
Monthly
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
A privilege escalation vulnerability (CVSS 9.6) that allows an unauthenticated attacker. Risk factors: public PoC available.
A security vulnerability in Successful exploitation of the vulnerability could allow an attacker that (CVSS 6.4) that allows an attacker that has physical access. Remediation should follow standard vulnerability management procedures.
Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.
CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.
A remote code execution vulnerability (CVSS 5.0) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures.
Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation.
A privilege escalation vulnerability (CVSS 9.6) that allows an unauthenticated attacker. Risk factors: public PoC available.
A security vulnerability in Successful exploitation of the vulnerability could allow an attacker that (CVSS 6.4) that allows an attacker that has physical access. Remediation should follow standard vulnerability management procedures.
Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.
CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.
Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining access to the product.
A remote code execution vulnerability (CVSS 5.0) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures.