N0Obit4

#10607of 53,624
26.1Total CVSS
Vulnerabilities · 3
High
2
Critical
1
PT-2024-13731
9.8
2024-03-08
Newland · Newland Nquire 1000 Interactive Kiosk · CVE-2023-49340
**Name of the Vulnerable Software and Affected Versions** Newland Nquire 1000 Interactive Kiosk version NQ1000-II G V1.00.011 **Description** An issue was discovered in the Newland Nquire 1000 Interactive Kiosk, allowing remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal. **Recommendations** For version NQ1000-II G V1.00.011, consider restricting access to the web management portal until a patch is available. As a temporary workaround, review and adjust the access control settings in the web management portal to minimize the risk of exploitation. Avoid using the web management portal for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-13732
7.5
2024-03-08
Newland · Newland Nquire 1000 Interactive Kiosk · CVE-2023-49341
**Name of the Vulnerable Software and Affected Versions** Newland Nquire 1000 Interactive Kiosk version NQ1000-II G V1.00.011 **Description** An issue was discovered in the Newland Nquire 1000 Interactive Kiosk, allowing remote attackers to obtain sensitive information via cleartext credential storage in the backup.htm component. **Recommendations** For version NQ1000-II G V1.00.011, consider restricting access to the backup.htm component to minimize the risk of exploitation. As a temporary workaround, avoid using the backup.htm component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2024-13846
8.8
2024-03-08
Grandstream · Grandstream Gxp14Xx · CVE-2023-50015
**Name of the Vulnerable Software and Affected Versions** Grandstream GXP14XX version 1.0.8.9 Grandstream GXP16XX version 1.0.7.13 **Description** An issue was discovered that allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. **Recommendations** For Grandstream GXP14XX version 1.0.8.9, consider disabling the use of end-user session-identity tokens until a patch is available. For Grandstream GXP16XX version 1.0.7.13, consider disabling the use of end-user session-identity tokens until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.