|
267451
|
8.6 |
HIGH
Network
|
adcon
|
a840_telemetry_gateway_base_station_firmware
|
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-7934
|
2024-11-21 11:37 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267452
|
8.6 |
HIGH
Network
|
adcon
|
a840_telemetry_gateway_base_station_firmware
|
Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.
|
CWE-200
Information Exposure
|
CVE-2015-7932
|
2024-11-21 11:37 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267453
|
8.7 |
HIGH
Network
|
adcon
|
a840_telemetry_gateway_base_station_firmware
|
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive informa…
|
CWE-200
CWE-20
Information Exposure
Improper Input Validation
|
CVE-2015-7931
|
2024-11-21 11:37 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267454
|
10.0 |
CRITICAL
Network
|
adcon
|
a840_telemetry_gateway_base_station_firmware
|
Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2015-7930
|
2024-11-21 11:37 |
2015-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267455
|
4.3 |
MEDIUM
Network
|
ewon
|
ewon_firmware
|
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Re…
|
CWE-200
Information Exposure
|
CVE-2015-7929
|
2024-11-21 11:37 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267456
|
8.5 |
HIGH
Network
|
ewon
|
ewon_firmware
|
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workst…
|
CWE-200
Information Exposure
|
CVE-2015-7928
|
2024-11-21 11:37 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267457
|
6.1 |
MEDIUM
Network
|
ewon
|
ewon_firmware
|
Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-7927
|
2024-11-21 11:37 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267458
|
9.9 |
CRITICAL
Network
|
ewon
|
ewon_firmware
|
eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.
|
CWE-200
Information Exposure
|
CVE-2015-7926
|
2024-11-21 11:37 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267459
|
8.0 |
HIGH
Network
|
ewon
|
ewon_firmware
|
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware …
|
CWE-352
Origin Validation Error
|
CVE-2015-7925
|
2024-11-21 11:37 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267460
|
8.8 |
HIGH
Network
|
ewon
|
ewon_firmware
|
eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveragi…
|
NVD-CWE-Other
|
CVE-2015-7924
|
2024-11-21 11:37 |
2015-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
