Vulnerabilities > Carrier > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-06 | CVE-2022-31480 | Forced Browsing vulnerability in multiple products An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). | 7.5 |
2022-06-06 | CVE-2022-31482 | Classic Buffer Overflow vulnerability in multiple products An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. | 7.5 |
2022-06-06 | CVE-2022-31483 | Path Traversal vulnerability in multiple products An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. | 8.8 |
2022-06-06 | CVE-2022-31484 | Forced Browsing vulnerability in multiple products An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. | 7.5 |
2022-06-06 | CVE-2022-31486 | OS Command Injection vulnerability in multiple products An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. | 8.8 |
2018-06-14 | CVE-2018-8819 | XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5 An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. | 7.5 |
2017-08-31 | CVE-2016-5795 | XXE vulnerability in multiple products An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. | 7.3 |
2017-08-25 | CVE-2017-9650 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. | 7.8 |
2017-08-25 | CVE-2017-9644 | Unquoted Search Path or Element vulnerability in multiple products An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. | 7.0 |