Vulnerabilities > Moog
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-21 | CVE-2020-24054 | OS Command Injection vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'. | 10.0 |
| 2020-08-21 | CVE-2020-24053 | Path Traversal vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. | 5.0 |
| 2020-08-21 | CVE-2020-24052 | XML Entity Expansion vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. | 6.4 |
| 2020-08-21 | CVE-2020-24051 | Improper Authentication vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations. | 10.0 |