Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
rexroth

Nexo cordless nutrunner NXA065S-36V (0608842013)

2 Versions 25 CVEs

Versions

NEXO-OS V1000-Release

OTHER 25 CVEs

NEXO-OS V1500-SP2

OTHER 25 CVEs

Recent CVEs

CVE-2023-48266

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

HIGH Jan 10, 2024

CVE-2023-48265

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

HIGH Jan 10, 2024

CVE-2023-48263

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

HIGH Jan 10, 2024

CVE-2023-48259

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.

MEDIUM Jan 10, 2024

CVE-2023-48253

The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.

HIGH Jan 10, 2024

CVE-2023-48252

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.

HIGH Jan 10, 2024

CVE-2023-48250

The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.

HIGH Jan 10, 2024

CVE-2023-48248

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.

MEDIUM Jan 10, 2024

CVE-2023-48247

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.

MEDIUM Jan 10, 2024

CVE-2023-48242

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.

MEDIUM Jan 10, 2024