Vulnerabilities > Carrier > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-06 | CVE-2022-31485 | Forced Browsing vulnerability in multiple products An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. | 5.3 |
2022-04-20 | CVE-2022-1318 | Information Exposure Through Discrepancy vulnerability in Carrier Hills Comnav Firmware 300219 Hills ComNav version 3002-19 suffers from a weak communication channel. | 5.5 |
2022-04-20 | CVE-2022-26519 | Unspecified vulnerability in Carrier Hills Comnav Firmware 300219 There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials. | 5.5 |
2021-02-22 | CVE-2020-19762 | Cross-site Scripting vulnerability in Carrier Webctrl System Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. | 6.1 |
2017-08-25 | CVE-2017-9640 | Path Traversal vulnerability in multiple products A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. | 6.3 |