Vulnerabilities > Zultys

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-08	CVE-2023-43742	Improper Authentication vulnerability in Zultys products An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. network low complexity zultys CWE-287 critical	9.8
2023-12-08	CVE-2023-43743	SQL Injection vulnerability in Zultys products A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. network low complexity zultys CWE-89	8.8
2023-12-08	CVE-2023-43744	OS Command Injection vulnerability in Zultys products An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. network low complexity zultys CWE-78	7.2

Vulnerabilities > Zultys {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zultys"}]}