Leonardobg

#10180of 53,632
27.1Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2023-25453
8.8
2023-06-30
Maxprint · Maxprint Maxlink 1200G · CVE-2023-36143
**Name of the Vulnerable Software and Affected Versions** Maxprint Maxlink 1200G version 3.4.11E **Description** The issue is related to an OS command injection vulnerability in the "Diagnostic tool" functionality of the device. **Recommendations** For Maxprint Maxlink 1200G version 3.4.11E, consider disabling the "Diagnostic tool" functionality until a patch is available to prevent potential exploitation.
PT-2023-25454
7.5
2023-06-30
Intelbras · Intelbras Switch Sg 2404 Mr · CVE-2023-36144
**Name of the Vulnerable Software and Affected Versions** Intelbras Switch SG 2404 MR version 1.00.54 **Description** The issue is related to an authentication bypass that allows an unauthenticated attacker to download the device's backup file, exposing critical configuration information. **Recommendations** For Intelbras Switch SG 2404 MR version 1.00.54, consider restricting access to the backup file download functionality until a patch is available.
PT-2023-25455
5.4
2023-06-30
Multilaser · Multilaser Re 170 · CVE-2023-36146
**Name of the Vulnerable Software and Affected Versions** Multilaser RE 170 version 2.2.6733 **Description** A Stored Cross-Site Scripting (XSS) issue was discovered. This type of issue allows attackers to inject malicious scripts into content from otherwise trusted websites, which can lead to unauthorized actions or access to sensitive data. **Recommendations** For Multilaser RE 170 version 2.2.6733, update the firmware to a version that addresses the Stored Cross-Site Scripting (XSS) issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-16776
5.4
2022-08-15
Intelbras · Intelbras Ata 200 · CVE-2022-24654
**Name of the Vulnerable Software and Affected Versions** INTELBRAS ATA 200 Firmware version 74.19.10.21 **Description** The issue is an authenticated stored cross-site scripting (XSS) vulnerability in the "Field Server Address" field. This allows attackers to inject JavaScript code through a crafted payload. **Recommendations** For INTELBRAS ATA 200 Firmware version 74.19.10.21, consider disabling the "Field Server Address" field until a patch is available to prevent exploitation. Restrict access to this field to minimize the risk of injection of malicious JavaScript code.