Oringnet Iap-420
8 CVEs affecting Oringnet Iap-420. Latest disclosed: 2024-12-10. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-55547 | Critical | 9.8 | 2024-12-10 | SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e. |
CVE-2022-3203 | Critical | 9.8 | 2022-10-21 | On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or… |
CVE-2024-55544 | High | 8.8 | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and be… |
CVE-2024-5411 | High | 8.8 | 2024-05-28 | Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects I… |
CVE-2024-55548 | High | 7.5 | 2024-12-10 | Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e. |
CVE-2024-55545 | Medium | 6.1 | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. |
CVE-2024-55546 | Medium | 5.4 | 2024-12-10 | Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. |
CVE-2024-5410 | Medium | 5.4 | 2024-05-28 | Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. |