Vulnerabilities > Emerson > Wireless 1420 Gateway Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2021-38485 | Improper Input Validation vulnerability in Emerson products The affected product is vulnerable to improper input validation in the restore file. | 8.8 |
| 2021-10-22 | CVE-2021-42536 | Exposure of Resource to Wrong Sphere vulnerability in Emerson products The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. | 6.5 |
| 2021-10-22 | CVE-2021-42538 | Command Injection vulnerability in Emerson products The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input. | 8.8 |
| 2021-10-22 | CVE-2021-42539 | Missing Authentication for Critical Function vulnerability in Emerson products The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change. | 8.8 |
| 2021-10-22 | CVE-2021-42540 | Write-what-where Condition vulnerability in Emerson products The affected product is vulnerable to a unsanitized extract folder for system configuration. | 8.8 |
| 2021-10-22 | CVE-2021-42542 | Path Traversal vulnerability in Emerson products The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | 8.8 |
| 2021-09-29 | CVE-2020-12030 | Unspecified vulnerability in Emerson products There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. | 10.0 |
| 2021-03-10 | CVE-2020-19417 | Unspecified vulnerability in Emerson Wireless 1420 Gateway Firmware 4.6.59 Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. | 8.8 |