MidnightBSD

Advisories for elvexys

CVE-2022-4778

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected.

Products Affected

Vendor Product Version
elvexys streamx *
CVE-2022-4779

StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected.

Products Affected

Vendor Product Version
elvexys streamx *
CVE-2022-4780

ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credentials from embedded StreamX installer that integrators are not forced to change.

Products Affected

Vendor Product Version
elvexys isos_firmware *