Vulnerabilities > Carrier > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-06 | CVE-2022-31485 | Forced Browsing vulnerability in multiple products. An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. | 5.3 |
2022-04-20 | CVE-2022-1318 | Information Exposure Through Discrepancy vulnerability in Carrier Hills Comnav Firmware 300219. Hills ComNav version 3002-19 suffers from a weak communication channel. | 5.5 |
2022-04-20 | CVE-2022-26519 | Improper Restriction of Excessive Authentication Attempts vulnerability in Carrier Hills Comnav Firmware 300219. There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. | 5.5 |
2021-02-22 | CVE-2020-19762 | Cross-site Scripting vulnerability in Carrier Webctrl System. Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request. | 6.1 |
2017-08-25 | CVE-2017-9640 | Path Traversal vulnerability in multiple products. A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. | 6.3 |