Filtered by vendor Gira
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33277 | 1 Gira | 2 Knx Ip Router, Knx Ip Router Firmware | 2024-11-21 | N/A | 7.5 HIGH |
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. | |||||
CVE-2023-33276 | 1 Gira | 2 Knx Ip Router, Knx Ip Router Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). | |||||
CVE-2023-2739 | 1 Gira | 2 Gira Home Server, Gira Home Server Firmware | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27"><img%20src=x%20onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2020-10795 | 1 Gira | 2 Tks-ip-gateway, Tks-ip-gateway Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. | |||||
CVE-2020-10794 | 1 Gira | 2 Tks-ip-gateway, Tks-ip-gateway Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. |