Vulnerabilities > Ailux > Imx6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-05 | CVE-2023-45591 | Out-of-bounds Write vulnerability in Ailux Imx6 A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. | 8.8 |
| 2024-03-05 | CVE-2023-45592 | Unspecified vulnerability in Ailux Imx6 A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. | 9.8 |
| 2024-03-05 | CVE-2023-45593 | Incomplete Blacklist vulnerability in Ailux Imx6 A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. | 6.8 |
| 2024-03-05 | CVE-2023-45594 | Files or Directories Accessible to External Parties vulnerability in Ailux Imx6 A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. | 6.8 |
| 2024-03-05 | CVE-2023-45595 | Unrestricted Upload of File with Dangerous Type vulnerability in Ailux Imx6 A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. | 8.8 |
| 2024-03-05 | CVE-2023-45597 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ailux Imx6 A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. | 9.0 |
| 2024-03-05 | CVE-2023-45598 | Forced Browsing vulnerability in Ailux Imx6 A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. | 5.3 |
| 2024-03-05 | CVE-2023-45599 | Unspecified vulnerability in Ailux Imx6 A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. | 8.8 |
| 2024-03-05 | CVE-2023-45600 | Unspecified vulnerability in Ailux Imx6 A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. | 9.8 |
| 2024-03-05 | CVE-2023-5457 | Unspecified vulnerability in Ailux Imx6 A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. | 9.8 |