Vulnerabilities > Moog
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-21 | CVE-2020-24054 | OS Command Injection vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. | 9.8 |
| 2020-08-21 | CVE-2020-24053 | Use of Hard-coded Credentials vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. | 7.5 |
| 2020-08-21 | CVE-2020-24052 | XXE vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. | 9.1 |
| 2020-08-21 | CVE-2020-24051 | Missing Authentication for Critical Function vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. | 9.8 |