Vulnerabilities (CVE)

Filtered by vendor Xantech Subscribe
Filtered by product Wic1200
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0556 1 Xantech 2 Wic1200, Wic1200 Firmware 2024-11-21 N/A 7.1 HIGH
A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text.
CVE-2024-0555 1 Xantech 2 Wic1200, Wic1200 Firmware 2024-11-21 N/A 4.6 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.
CVE-2024-0554 1 Xantech 2 Wic1200, Wic1200 Firmware 2024-11-21 N/A 5.5 MEDIUM
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.