Vulnerabilities > Carrier > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-06 CVE-2022-31480 Forced Browsing vulnerability in multiple products
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS).
network
low complexity
hidglobal carrier CWE-425
5.0
2022-06-06 CVE-2022-31484 Forced Browsing vulnerability in multiple products
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface.
network
low complexity
hidglobal carrier CWE-425
5.0
2022-06-06 CVE-2022-31485 Forced Browsing vulnerability in multiple products
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface.
network
low complexity
hidglobal carrier CWE-425
5.0
2022-04-20 CVE-2022-1318 Information Exposure Through Discrepancy vulnerability in Carrier Hills Comnav Firmware 300219
Hills ComNav version 3002-19 suffers from a weak communication channel.
local
low complexity
carrier CWE-203
5.5
2021-02-22 CVE-2020-19762 Cross-site Scripting vulnerability in Carrier Webctrl System
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.
network
carrier CWE-79
4.3
2018-06-14 CVE-2018-8819 XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5.
network
low complexity
carrier CWE-611
5.0
2017-08-25 CVE-2017-9650 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.
local
low complexity
automatedlogic carrier CWE-434
4.6
2017-08-25 CVE-2017-9644 Unquoted Search Path or Element vulnerability in multiple products
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.
6.9
2017-08-25 CVE-2017-9640 Path Traversal vulnerability in multiple products
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.
network
low complexity
automatedlogic carrier CWE-22
6.5