Snapone Ovrc-300-pro
6 CVEs affecting Snapone Ovrc-300-pro. Latest disclosed: 2023-05-22. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-31241 | High | 8.6 | 2023-05-22 | Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. |
CVE-2023-28649 | High | 8.6 | 2023-05-22 | The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attack… |
CVE-2023-28386 | High | 8.6 | 2023-05-22 | Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does n… |
CVE-2023-25183 | High | 8.3 | 2023-05-22 | In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could all… |
CVE-2023-31245 | High | 7.1 | 2023-05-22 | Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attacke… |
CVE-2023-28412 | Medium | 5.3 | 2023-05-22 | When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enume… |