Radiflow iSAP Smart Collector

5 CVEs affecting Radiflow iSAP Smart Collector. Latest disclosed: 2025-07-09. Critical: 2, High: 1.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-3499 | Critical | 10.0 | 2025-07-09 | The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection throu… |
| CVE-2025-3498 | Critical | 9.9 | 2025-07-09 | An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device… |
| CVE-2025-3497 | High | 8.7 | 2025-07-09 | The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus… |
| CVE-2025-27028 | Medium | 6.8 | 2025-07-09 | The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging t… |
| CVE-2025-27027 | Medium | 4.1 | 2025-07-09 | A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. Thi… |