Vulnerabilities > Snapone

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-25183 Unspecified vulnerability in Snapone Orvc
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.
network
low complexity
snapone
7.2
2023-05-22 CVE-2023-28386 Improper Validation of Integrity Check Value vulnerability in Snapone Orvc
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly.
network
low complexity
snapone CWE-354
critical
9.8
2023-05-22 CVE-2023-28412 Information Exposure Through Discrepancy vulnerability in Snapone Orvc
When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device.
network
low complexity
snapone CWE-203
5.3
2023-05-22 CVE-2023-28649 Improper Resource Locking vulnerability in Snapone Orvc
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it.
network
low complexity
snapone CWE-413
7.5
2023-05-22 CVE-2023-31193 Unspecified vulnerability in Snapone Orvc
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers.
network
low complexity
snapone
7.5
2023-05-22 CVE-2023-31240 Unspecified vulnerability in Snapone Orvc
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely.
network
low complexity
snapone
critical
9.8
2023-05-22 CVE-2023-31241 Unprotected Alternate Channel vulnerability in Snapone Orvc
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
network
low complexity
snapone CWE-420
critical
10.0
2023-05-22 CVE-2023-31245 Unspecified vulnerability in Snapone Orvc
Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection.
network
low complexity
snapone
6.1