Vulnerabilities (CVE)

Filtered by vendor Loxone Subscribe
Filtered by product Miniserver Go Gen 2
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36624 1 Loxone 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware 2024-11-21 N/A 7.8 HIGH
Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.
CVE-2023-36623 1 Loxone 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware 2024-11-21 N/A 7.8 HIGH
The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.
CVE-2023-36622 1 Loxone 2 Miniserver Go Gen 2, Miniserver Go Gen 2 Firmware 2024-11-21 N/A 7.2 HIGH
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.