Milesight Devicehub
6 CVEs affecting Milesight Devicehub. Latest disclosed: 2024-06-02. Critical: 4, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-36388 | Critical | 10.0 | 2024-06-02 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function |
CVE-2024-36389 | Critical | 9.8 | 2024-06-02 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass |
CVE-2024-27776 | Critical | 9.8 | 2024-06-02 | MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE |
CVE-2024-36391 | Critical | 9.1 | 2024-06-02 | MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic |
CVE-2024-36390 | High | 7.5 | 2024-06-02 | MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service |
CVE-2024-36392 | Medium | 6.1 | 2024-06-02 | MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |