Doverfuelingsolutions Progauge_maglink_lx_console
6 CVEs affecting Doverfuelingsolutions Progauge_maglink_lx_console. Latest disclosed: 2024-09-25. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-45066 | Critical | 10.0 | 2024-09-25 | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. |
CVE-2024-43693 | Critical | 10.0 | 2024-09-25 | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. |
CVE-2024-43692 | Critical | 9.8 | 2024-09-25 | An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. |
CVE-2024-43423 | Critical | 9.8 | 2024-09-25 | The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. |
CVE-2024-45373 | High | 8.8 | 2024-09-25 | Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. |
CVE-2024-41725 | High | 8.8 | 2024-09-25 | ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. |