Vulnerabilities > Snapone > Orvc > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-31241 Unprotected Alternate Channel vulnerability in Snapone Orvc
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
network
low complexity
snapone CWE-420
critical
 10.0
10
2023-05-22 CVE-2023-31240 Unspecified vulnerability in Snapone Orvc
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely.
network
low complexity
snapone
critical
 9.8
9.8
2023-05-22 CVE-2023-28386 Improper Validation of Integrity Check Value vulnerability in Snapone Orvc
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly.
network
low complexity
snapone CWE-354
critical
 9.8
9.8