Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

IAP-420

Source -

CNA

CNA CVEs -

7

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
7Vulnerabilities found
CVE-2024-55548
Assigner-CyberDanube
ShareView Details
Assigner-CyberDanube
CVSS Score-6.9||MEDIUM
EPSS-0.12% / 31.50%
||
7 Day CHG+0.01%
Published-10 Dec, 2024 | 16:34
Updated-10 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service

Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.

Action-Not Available
Vendor-ORing
Product-IAP-420
CWE ID-CWE-703
Improper Check or Handling of Exceptional Conditions
CVE-2024-55547
Assigner-CyberDanube
ShareView Details
Assigner-CyberDanube
CVSS Score-9.3||CRITICAL
EPSS-2.07% / 83.25%
||
7 Day CHG+0.44%
Published-10 Dec, 2024 | 16:27
Updated-10 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Command Execution via SNMP

SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.

Action-Not Available
Vendor-ORing
Product-IAP-420
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-55546
Assigner-CyberDanube
ShareView Details
Assigner-CyberDanube
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.84%
||
7 Day CHG+0.02%
Published-10 Dec, 2024 | 16:21
Updated-10 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross-Site Scripting

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

Action-Not Available
Vendor-ORing
Product-IAP-420
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-55545
Assigner-CyberDanube
ShareView Details
Assigner-CyberDanube
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.84%
||
7 Day CHG+0.02%
Published-10 Dec, 2024 | 16:14
Updated-10 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-Site Scripting

Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

Action-Not Available
Vendor-ORing
Product-IAP-420
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-55544
Assigner-CyberDanube
ShareView Details
Assigner-CyberDanube
CVSS Score-8.7||HIGH
EPSS-0.08% / 24.62%
||
7 Day CHG+0.01%
Published-10 Dec, 2024 | 16:04
Updated-10 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Command Injection

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

Action-Not Available
Vendor-ORing
Product-IAP-420
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-5411
Assigner-CyberDanube
ShareView Details
Assigner-CyberDanube
CVSS Score-8.7||HIGH
EPSS-1.28% / 78.77%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 10:28
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Command Injection

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.

Action-Not Available
Vendor-ORingoringnet
Product-IAP-420iap-420_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-5410
Assigner-CyberDanube
ShareView Details
Assigner-CyberDanube
CVSS Score-8.3||HIGH
EPSS-0.32% / 53.99%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 10:23
Updated-13 Feb, 2025 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross-Site Scripting

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

Action-Not Available
Vendor-ORing
Product-IAP-420
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')