Vulnerabilities > Generex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-28 | CVE-2022-47186 | Unrestricted Upload of File with Dangerous Type vulnerability in Generex Cs141 Firmware There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. | 9.1 |
| 2023-09-28 | CVE-2022-47187 | Cross-site Scripting vulnerability in Generex Cs141 Firmware There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. | 6.1 |
| 2023-03-31 | CVE-2022-47188 | Link Following vulnerability in Generex Cs141 Firmware There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. | 7.5 |
| 2023-03-31 | CVE-2022-47189 | Unspecified vulnerability in Generex Cs141 Firmware Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. | 9.1 |
| 2023-03-31 | CVE-2022-47190 | Unrestricted Upload of File with Dangerous Type vulnerability in Generex Cs141 Firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | 9.8 |
| 2023-03-31 | CVE-2022-47191 | Unrestricted Upload of File with Dangerous Type vulnerability in Generex Cs141 Firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | 8.8 |
| 2023-03-31 | CVE-2022-47192 | Unspecified vulnerability in Generex Cs141 Firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password. | 8.8 |
| 2022-10-06 | CVE-2022-42457 | Unspecified vulnerability in Generex Cs141 Firmware Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh). | 7.2 |
| 2022-06-13 | CVE-2022-26041 | Path Traversal vulnerability in Generex Rccmd 4.26 Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. | 6.5 |
| 2020-04-27 | CVE-2020-11420 | Path Traversal vulnerability in multiple products UPS Adapter CS141 before 1.90 allows Directory Traversal. | 6.5 |