Vulnerabilities > Phoenixcontact > TC Mguard Rs4000 4G ATT VPN Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-43385 | OS Command Injection vulnerability in Phoenixcontact products A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. | 8.8 |
| 2024-09-10 | CVE-2024-43386 | OS Command Injection vulnerability in Phoenixcontact products A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. | 8.8 |
| 2024-09-10 | CVE-2024-43387 | OS Command Injection vulnerability in Phoenixcontact products A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. | 8.8 |
| 2024-09-10 | CVE-2024-43388 | Unspecified vulnerability in Phoenixcontact products A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation. | 8.8 |
| 2024-09-10 | CVE-2024-43389 | Unspecified vulnerability in Phoenixcontact products A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS. | 8.1 |
| 2024-09-10 | CVE-2024-43390 | Unspecified vulnerability in Phoenixcontact products A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS. | 8.1 |
| 2024-09-10 | CVE-2024-43391 | Unspecified vulnerability in Phoenixcontact products A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS. | 8.1 |
| 2024-09-10 | CVE-2024-43392 | Unspecified vulnerability in Phoenixcontact products A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS. | 8.1 |
| 2024-09-10 | CVE-2024-43393 | Unspecified vulnerability in Phoenixcontact products A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS. | 8.1 |
| 2024-09-10 | CVE-2024-7698 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Phoenixcontact products A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks. | 5.7 |