KrameravCVEs & Vulnerabilities

8 CVEs affecting Kramerav products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

via go2 5via go2 firmware 5viaware 3via connect2 2via connect2 firmware 2
CVE-2021-35064KEVCRITICALin the wild

KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg.

11 Apr 2026
9.8
CVSS
CVE-2021-36356KEVCRITICALin the wild

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.

11 Apr 2026
9.8
CVSS
CVE-2023-33469HIGH

In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.

9 Aug 2023
7.8
CVSS
CVE-2023-33468CRITICAL

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.

9 Aug 2023
9.1
CVSS
CVE-2023-33509CRITICAL

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.

31 May 2023
9.8
CVSS
CVE-2023-33508CRITICAL

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE).

31 May 2023
9.8
CVSS
CVE-2023-33507HIGH

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.

31 May 2023
7.5
CVSS
CVE-2019-17124CRITICALpoc

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

9 Oct 2019
9.8
CVSS
← PrevPage 1 / 1Next →