endress meac300 fnade4 firmware

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-27461
all versions
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
7.6 HIGH
CVE-2025-27460
all versions
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker
7.6 HIGH
CVE-2025-27459
all versions
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original
4.4 MEDIUM
CVE-2025-27458
all versions
The VNC authentication mechanism is based on a challenge-response system where both server and client use the same password for encry
6.5 MEDIUM
CVE-2025-27457
all versions
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain
6.5 MEDIUM
CVE-2025-27456
all versions
The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within
7.5 HIGH
CVE-2025-27455
<= 0.16.0
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to tr
4.3 MEDIUM
CVE-2025-27454
<= 0.16.0
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web r
4.3 MEDIUM
CVE-2025-27453
<= 0.16.0
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScr
5.3 MEDIUM
CVE-2025-27452
<= 0.16.0
The configuration of the Apache httpd webserver, which serves the MEAC300-FNADE4 web application, is partly insecure. There are mod
5.3 MEDIUM
CVE-2025-27451
<= 0.16.0
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorr
5.3 MEDIUM
CVE-2025-27450
<= 0.16.0
The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user into establishing an u
6.5 MEDIUM
CVE-2025-27449
<= 0.16.0
The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time f
7.5 HIGH
CVE-2025-27448
<= 0.16.0
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScrip
6.8 MEDIUM
CVE-2025-27447
<= 0.16.0
The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScrip
7.4 HIGH
CVE-2025-1711
<= 0.16.0
Multiple services of the DUT as well as different scopes of the same service reuse the same credentials.
4.3 MEDIUM
CVE-2025-1710
<= 0.16.0
The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a sho
7.5 HIGH
CVE-2025-1709
<= 0.16.0
Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).
6.5 MEDIUM
CVE-2025-1708
<= 0.16.0
The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.
8.6 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin