MidnightBSD

Advisories for eltex

CVE-2018-15356 MEDIUM

An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
eltex esp-200_firmware 1.2.0
CVE-2018-15357 MEDIUM

An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
eltex esp-200_firmware 1.2.0
CVE-2018-15358 MEDIUM

An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
eltex esp-200_firmware 1.2.0
CVE-2018-15359 MEDIUM

An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
eltex esp-200_firmware 1.2.0
CVE-2018-15360 HIGH

An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
eltex esp-200_firmware 1.2.0