Vulnerabilities > Carrier

DATE CVE VULNERABILITY TITLE RISK
2022-06-06 CVE-2022-31479 OS Command Injection vulnerability in multiple products
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process.
network
low complexity
hidglobal carrier CWE-78
critical
9.8
2022-06-06 CVE-2022-31480 Forced Browsing vulnerability in multiple products
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS).
network
low complexity
hidglobal carrier CWE-425
5.0
2022-06-06 CVE-2022-31481 Classic Buffer Overflow vulnerability in multiple products
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer.
network
low complexity
hidglobal carrier CWE-120
7.5
2022-06-06 CVE-2022-31482 Classic Buffer Overflow vulnerability in multiple products
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer.
network
low complexity
hidglobal carrier CWE-120
7.8
2022-06-06 CVE-2022-31483 Path Traversal vulnerability in multiple products
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem.
network
low complexity
hidglobal carrier CWE-22
critical
9.0
2022-06-06 CVE-2022-31484 Forced Browsing vulnerability in multiple products
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface.
network
low complexity
hidglobal carrier CWE-425
5.0
2022-06-06 CVE-2022-31485 Forced Browsing vulnerability in multiple products
An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface.
network
low complexity
hidglobal carrier CWE-425
5.0
2022-06-06 CVE-2022-31486 OS Command Injection vulnerability in multiple products
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands.
network
low complexity
hidglobal carrier CWE-78
critical
9.0
2022-04-20 CVE-2022-1318 Information Exposure Through Discrepancy vulnerability in Carrier Hills Comnav Firmware 300219
Hills ComNav version 3002-19 suffers from a weak communication channel.
local
low complexity
carrier CWE-203
5.5
2022-04-20 CVE-2022-26519 Improper Restriction of Excessive Authentication Attempts vulnerability in Carrier Hills Comnav Firmware 300219
There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.
local
low complexity
carrier CWE-307
2.1