Vulnerabilities > Carrier > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-06 | CVE-2022-31480 | Forced Browsing vulnerability in multiple products An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). | 5.0 |
| 2022-06-06 | CVE-2022-31484 | Forced Browsing vulnerability in multiple products An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. | 5.0 |
| 2022-06-06 | CVE-2022-31485 | Forced Browsing vulnerability in multiple products An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. | 5.0 |
| 2022-04-20 | CVE-2022-1318 | Information Exposure Through Discrepancy vulnerability in Carrier Hills Comnav Firmware 300219 Hills ComNav version 3002-19 suffers from a weak communication channel. | 5.5 |
| 2021-02-22 | CVE-2020-19762 | Cross-site Scripting vulnerability in Carrier Webctrl System Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. | 4.3 |
| 2018-06-14 | CVE-2018-8819 | XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5 An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. | 5.0 |
| 2017-08-25 | CVE-2017-9650 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. | 4.6 |
| 2017-08-25 | CVE-2017-9644 | Unquoted Search Path or Element vulnerability in multiple products An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. | 6.9 |
| 2017-08-25 | CVE-2017-9640 | Path Traversal vulnerability in multiple products A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. | 6.5 |