Vulnerabilities > Multitech

DATE CVE VULNERABILITY TITLE RISK
2023-07-07 CVE-2023-25201 Cross-Site Request Forgery (CSRF) vulnerability in Multitech products
Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.
network
low complexity
multitech CWE-352
8.8
2020-01-21 CVE-2020-7594 OS Command Injection vulnerability in Multitech Conduit Mtcdt-Lvw2-246A Firmware 1.4.17Ocea13592
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function.
network
low complexity
multitech CWE-78
7.2
2018-10-03 CVE-2018-17562 SQL Injection vulnerability in Multitech Faxfinder
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.
network
low complexity
multitech CWE-89
7.5
2017-09-30 CVE-2016-10512 Credentials Management vulnerability in Multitech Faxfinder
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration.
network
low complexity
multitech CWE-255
critical
9.8