Vulnerabilities > Fantec

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-28113 Reliance on Cookies without Validation and Integrity Checking vulnerability in Fantec Mwid25-Ds Firmware 2.000.030
An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.
network
low complexity
fantec CWE-565
critical
9.0
2022-04-06 CVE-2022-26591 Session Fixation vulnerability in Fantec Mwid25-Ds Firmware 2.000.030
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.
network
low complexity
fantec CWE-384
7.5