Vulnerabilities > Loxone > Miniserver GO GEN 2 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-36622 | OS Command Injection vulnerability in Loxone Miniserver GO GEN 2 Firmware The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter. | 7.2 |
| 2023-07-05 | CVE-2023-36623 | Use of Hard-coded Credentials vulnerability in Loxone Miniserver GO GEN 2 Firmware 14.1.5.9 The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. | 7.8 |
| 2023-07-05 | CVE-2023-36624 | Missing Authorization vulnerability in Loxone Miniserver GO GEN 2 Firmware Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. | 7.8 |