Tbox Lt2 530 Firmware

tbox_lt2-530_firmware

Vendor: Ovarro • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22650 1Ovarro 8Tbox Lt2 530 Firmware Tbox Lt2 532 FirmwareTbox Lt2 540 Firmware+5 more Apr 17, 2025 Jul 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.
CVE-2021-22648 1Ovarro 8Tbox Lt2 530 Firmware Tbox Lt2 532 FirmwareTbox Lt2 540 Firmware+5 more Apr 17, 2025 Jul 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
CVE-2021-22646 1Ovarro 8Tbox Lt2 530 Firmware Tbox Lt2 532 FirmwareTbox Lt2 540 Firmware+5 more Apr 17, 2025 Jul 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
CVE-2021-22644 1Ovarro 8Tbox Lt2 530 Firmware Tbox Lt2 532 FirmwareTbox Lt2 540 Firmware+5 more Apr 17, 2025 Jul 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
CVE-2021-22642 1Ovarro 8Tbox Lt2 530 Firmware Tbox Lt2 532 FirmwareTbox Lt2 540 Firmware+5 more Apr 17, 2025 Jul 28, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
CVE-2021-22640 1Ovarro 8Tbox Lt2 530 Firmware Tbox Lt2 532 FirmwareTbox Lt2 540 Firmware+5 more Apr 17, 2025 Jul 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.