Vulnerabilities > Carrier > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-06 CVE-2022-31485 Forced Browsing vulnerability in multiple products
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface.
network
low complexity
hidglobal carrier CWE-425
5.3
2022-04-20 CVE-2022-1318 Information Exposure Through Discrepancy vulnerability in Carrier Hills Comnav Firmware 300219
Hills ComNav version 3002-19 suffers from a weak communication channel.
local
low complexity
carrier CWE-203
5.5
2022-04-20 CVE-2022-26519 Improper Restriction of Excessive Authentication Attempts vulnerability in Carrier Hills Comnav Firmware 300219
There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 3002-19 interface, which allows local attackers to brute-force credentials.
local
low complexity
carrier CWE-307
5.5
2021-02-22 CVE-2020-19762 Cross-site Scripting vulnerability in Carrier Webctrl System
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request.
network
low complexity
carrier CWE-79
6.1
2017-08-25 CVE-2017-9640 Path Traversal vulnerability in multiple products
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior.
network
low complexity
automatedlogic carrier CWE-22
6.3