Vulnerabilities > Snapone
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-22 | CVE-2023-25183 | Unspecified vulnerability in Snapone Orvc In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | 7.2 |
| 2023-05-22 | CVE-2023-28386 | Insufficient Verification of Data Authenticity vulnerability in Snapone Orvc Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. | 9.8 |
| 2023-05-22 | CVE-2023-28412 | Information Exposure Through Discrepancy vulnerability in Snapone Orvc When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. | 5.3 |
| 2023-05-22 | CVE-2023-28649 | Improper Input Validation vulnerability in Snapone Orvc The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. | 7.5 |
| 2023-05-22 | CVE-2023-31193 | Cleartext Transmission of Sensitive Information vulnerability in Snapone Orvc Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. | 7.5 |
| 2023-05-22 | CVE-2023-31240 | Use of Hard-coded Credentials vulnerability in Snapone Orvc Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. | 9.8 |
| 2023-05-22 | CVE-2023-31241 | Unspecified vulnerability in Snapone Orvc Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. | 10.0 |
| 2023-05-22 | CVE-2023-31245 | Open Redirect vulnerability in Snapone Orvc Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. | 6.1 |