Miniserver Go Gen 2 Firmware

miniserver_go_gen_2_firmware

Vendor: Loxone • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-36624 1Loxone 1Miniserver Go Gen 2 Firmware Jun 17, 2026 Jul 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.
CVE-2023-36623 1Loxone 1Miniserver Go Gen 2 Firmware Jun 17, 2026 Jul 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.
CVE-2023-36622 1Loxone 1Miniserver Go Gen 2 Firmware Jun 17, 2026 Jul 5, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.