CVEs (5)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|---|
| | Mersive | Solstice Pod Firmware | Dec 23, 2025 | Dec 4, 2025 | 6.9 MEDIUM (v4), 7.5 HIGH (v3), N/A (v2) | Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized use... |
| | Mersive | Solstice Pod Firmware | Nov 21, 2024 | Dec 23, 2020 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) | In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requi... |
| | Mersive | Solstice Pod Firmware | Nov 21, 2024 | Dec 23, 2020 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) | In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. |
| | Mersive | Solstice Pod Firmware | Nov 21, 2024 | Dec 23, 2020 | N/A (v4), 5.9 MEDIUM (v3), 4.3 MEDIUM (v2) | In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could r... |
| | Mersive | Solstice Pod Firmware | Nov 21, 2024 | Nov 11, 2020 | N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2) | Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may c... |