Vulnerabilities > Kramerav > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-09 | CVE-2023-33468 | Incorrect Authorization vulnerability in Kramerav VIA Connect2 Firmware and VIA GO2 Firmware KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. | 9.1 |
| 2023-05-31 | CVE-2023-33508 | Unrestricted Upload of File with Dangerous Type vulnerability in Kramerav VIA GO2 Firmware KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). | 9.8 |
| 2023-05-31 | CVE-2023-33509 | SQL Injection vulnerability in Kramerav VIA GO2 Firmware KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. | 9.8 |
| 2021-08-31 | CVE-2021-36356 | Unrestricted Upload of File with Dangerous Type vulnerability in Kramerav Viaware 2.5.0719.1034 KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). | 9.8 |
| 2021-07-12 | CVE-2021-35064 | Improper Privilege Management vulnerability in Kramerav Viaware KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. | 9.8 |
| 2019-10-09 | CVE-2019-17124 | Incorrect Default Permissions vulnerability in Kramerav Viaware 2.5.0719.1034 Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. | 9.8 |