Описание
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
Ссылки
- Not Applicable
- ExploitThird Party Advisory
- Not Applicable
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.1.1326 (исключая)
Одновременно
cpe:2.3:o:kramerav:via_go2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 4.0.1.1326 (исключая)
Одновременно
cpe:2.3:o:kramerav:via_connect2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00035
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 9.1
github
больше 2 лет назад
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
EPSS
Процентиль: 10%
0.00035
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-863