Rexroth Nexo Cordless Nutrunner Nxa050s-36v (0608842003)
25 CVEs affecting Rexroth Nexo Cordless Nutrunner Nxa050s-36v (0608842003). Latest disclosed: 2024-01-10. Critical: 0, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-48253 | High | 8.8 | 2024-01-10 | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abu… |
CVE-2023-48252 | High | 8.8 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. |
CVE-2023-48266 | High | 8.1 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a… |
CVE-2023-48265 | High | 8.1 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a… |
CVE-2023-48264 | High | 8.1 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a… |
CVE-2023-48263 | High | 8.1 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a… |
CVE-2023-48262 | High | 8.1 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a… |
CVE-2023-48251 | High | 8.1 | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. |
CVE-2023-48250 | High | 8.1 | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. |
CVE-2023-48243 | High | 8.1 | 2024-01-10 | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a cra… |
CVE-2023-48257 | High | 7.8 | 2024-01-10 | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges o… |
CVE-2023-48249 | Medium | 6.5 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“r… |
CVE-2023-48246 | Medium | 6.5 | 2024-01-10 | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a c… |
CVE-2023-48245 | Medium | 6.5 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP… |
CVE-2023-48242 | Medium | 6.5 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (… |
CVE-2023-48255 | Medium | 6.3 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its exec… |
CVE-2023-48258 | Medium | 5.5 | 2024-01-10 | The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. |
CVE-2023-48248 | Medium | 5.5 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its… |
CVE-2023-48261 | Medium | 5.3 | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
CVE-2023-48260 | Medium | 5.3 | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |