Vulnerabilities > Carrier > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-06 CVE-2022-31480 Forced Browsing vulnerability in multiple products
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS).
network
low complexity
hidglobal carrier CWE-425
7.5
2022-06-06 CVE-2022-31482 Classic Buffer Overflow vulnerability in multiple products
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer.
network
low complexity
hidglobal carrier CWE-120
7.5
2022-06-06 CVE-2022-31483 Path Traversal vulnerability in multiple products
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem.
network
low complexity
hidglobal carrier CWE-22
8.8
2022-06-06 CVE-2022-31484 Forced Browsing vulnerability in multiple products
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface.
network
low complexity
hidglobal carrier CWE-425
7.5
2022-06-06 CVE-2022-31486 OS Command Injection vulnerability in multiple products
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands.
network
low complexity
hidglobal carrier CWE-78
8.8
2018-06-14 CVE-2018-8819 XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5.
network
low complexity
carrier CWE-611
7.5
2017-08-31 CVE-2016-5795 XXE vulnerability in multiple products
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior.
network
low complexity
automatedlogic carrier CWE-611
7.3
2017-08-25 CVE-2017-9650 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.
local
low complexity
automatedlogic carrier CWE-434
7.8
2017-08-25 CVE-2017-9644 Unquoted Search Path or Element vulnerability in multiple products
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.
local
high complexity
automatedlogic carrier CWE-428
7.0