Emerson Wireless_1420_gateway
8 CVEs affecting Emerson Wireless_1420_gateway. Latest disclosed: 2021-10-22. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-12030 | Critical | 10.0 | 2021-09-29 | There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the… |
CVE-2020-19417 | High | 8.8 | 2021-03-10 | Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending special… |
CVE-2021-42542 | High | 8.0 | 2021-10-22 | The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. |
CVE-2021-42540 | High | 8.0 | 2021-10-22 | The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the set… |
CVE-2021-42539 | High | 8.0 | 2021-10-22 | The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings c… |
CVE-2021-42538 | High | 8.0 | 2021-10-22 | The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. |
CVE-2021-42536 | High | 8.0 | 2021-10-22 | The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. |
CVE-2021-38485 | High | 8.0 | 2021-10-22 | The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any… |