Vulnerabilities > ATE Mahoroba

DATE CVE VULNERABILITY TITLE RISK
2023-01-17 CVE-2023-22279 OS Command Injection vulnerability in Ate-Mahoroba products
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command.
network
low complexity
ate-mahoroba CWE-78
critical
 9.8
9.8
2023-01-17 CVE-2023-22280 OS Command Injection vulnerability in Ate-Mahoroba products
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
network
low complexity
ate-mahoroba CWE-78
7.2
7.2
2023-01-17 CVE-2023-22286 Cross-Site Request Forgery (CSRF) vulnerability in Ate-Mahoroba products
Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user's unintended operations by having a user to view a malicious page while logged in.
network
low complexity
ate-mahoroba CWE-352
8.1
8.1
2023-01-17 CVE-2023-22296 Cross-site Scripting vulnerability in Ate-Mahoroba products
Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
ate-mahoroba CWE-79
6.1
6.1