Snapone Orvc

8 CVEs affecting Snapone Orvc. Latest disclosed: 2023-05-22. Critical: 0, High: 7.

Top CVEs affecting Snapone Orvc
CVESeverityScorePublishedSummary
CVE-2023-31241High8.62023-05-22Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
CVE-2023-28649High8.62023-05-22The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attack…
CVE-2023-28386High8.62023-05-22Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does n…
CVE-2023-25183High8.32023-05-22 In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could all…
CVE-2023-31240High8.32023-05-22Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hi…
CVE-2023-31193High7.52023-05-22 Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pr…
CVE-2023-31245High7.12023-05-22 Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attacke…
CVE-2023-28412Medium5.32023-05-22 When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enume…