Vulnerabilities > Milesight > Milesightvpn

DATE CVE VULNERABILITY TITLE RISK
2023-07-06 CVE-2023-22319 SQL Injection vulnerability in Milesight Milesightvpn 2.0.2
A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2.
network
low complexity
milesight CWE-89
critical
 9.8
9.8
2023-07-06 CVE-2023-22371 OS Command Injection vulnerability in Milesight Milesightvpn 2.0.2
An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2.
network
high complexity
milesight CWE-78
8.1
8.1
2023-07-06 CVE-2023-22844 Use of Hard-coded Cryptographic Key vulnerability in Milesight Milesightvpn 2.0.2
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2.
network
low complexity
milesight CWE-321
critical
 9.8
9.8
2023-07-06 CVE-2023-23907 Path Traversal vulnerability in Milesight Milesightvpn 2.0.2
A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2.
network
low complexity
milesight CWE-22
7.5
7.5
2023-07-06 CVE-2023-24496 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Milesight Milesightvpn 2.0.2
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2.
network
high complexity
milesight CWE-80
4.7
4.7