OringnetCVEs & Vulnerabilities

8 CVEs affecting Oringnet products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

iap-420 8iap-420 firmware 8iap-420\+ 1iap-420\+ firmware 1
CVE-2024-55548HIGH

Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e.

10 Dec 2024
7.5
CVSS
CVE-2024-55547CRITICAL

SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e.

10 Dec 2024
9.8
CVSS
CVE-2024-55546MEDIUM

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

10 Dec 2024
5.4
CVSS
CVE-2024-55545MEDIUM

Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

10 Dec 2024
6.1
CVSS
CVE-2024-55544HIGH

Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level.This issue affects IAP-420 version 2.01e and below.

10 Dec 2024
8.8
CVSS
CVE-2024-5411HIGH

Missing input validation and OS command integration of the input in the ORing IAP-420 web-interface allows authenticated command injection.This issue affects IAP-420 version 2.01e and below.

28 May 2024
8.8
CVSS
CVE-2024-5410MEDIUM

Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below.

28 May 2024
5.4
CVSS
CVE-2022-3203CRITICAL

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.

21 Oct 2022
9.8
CVSS
← PrevPage 1 / 1Next →