Kramerav

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-33469 1Kramerav 2Via Connect2 Firmware Via Go2 Firmware Nov 21, 2024 Aug 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the...Show more In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.Show less
CVE-2023-33468 1Kramerav 2Via Connect2 Firmware Via Go2 Firmware Nov 21, 2024 Aug 9, 2023 N/A· v4 9.1 CRITICAL· v3 N/A· v2 KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmatio...Show more KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.Show less
CVE-2023-33509 1Kramerav 1Via Go2 Firmware Jan 10, 2025 May 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.
CVE-2023-33508 1Kramerav 1Via Go2 Firmware Jan 10, 2025 May 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE).
CVE-2023-33507 1Kramerav 1Via Go2 Firmware Jan 10, 2025 May 31, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.
CVE-2021-36356 1Kramerav 1Viaware Nov 21, 2024 Aug 31, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer re...Show more KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.Show less
CVE-2021-35064 1Kramerav 1Viaware Nov 21, 2024 Jul 12, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.
CVE-2019-17124 1Kramerav 1Viaware Nov 21, 2024 Oct 9, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.