Vulnerabilities (CVE)

Filtered by vendor Sielco Subscribe
Filtered by product Analog Fm Transmitter Exc1000gt
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-42769 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2024-02-28 N/A 9.8 CRITICAL
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
CVE-2023-45317 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2024-02-28 N/A 8.8 HIGH
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
CVE-2023-45228 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2024-02-28 N/A 6.5 MEDIUM
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.
CVE-2023-41966 1 Sielco 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more 2024-02-28 N/A 8.8 HIGH
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.