← Back

Unified Remote

unified_remote

Vendor: Unifiedremote • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-52252
1Unifiedremote
1Unified Remote
Nov 21, 2024
Dec 30, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.
CVE-2022-3229
1Unifiedremote
1Unified Remote
Mar 25, 2025
Feb 6, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unifi...Show more
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.Show less