Shodan
Vulnerabilities
Vulnerable Software
Bosch:  >> Nexo Special Cordless Nutrunner (0608pe2514)  Security Vulnerabilities
CVE-2023-48258
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session.
CVSS Score
5.5
EPSS Score
0.004
Published
2024-01-10
CVE-2023-48259
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-01-10
CVE-2023-48251
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
CVSS Score
8.1
EPSS Score
0.033
Published
2024-01-10
CVE-2023-48252
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.
CVSS Score
8.8
EPSS Score
0.007
Published
2024-01-10
CVE-2023-48253
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-01-10
CVE-2023-48254
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-01-10
CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-01-10
CVE-2023-48250
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
CVSS Score
8.1
EPSS Score
0.007
Published
2024-01-10
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-01-10
CVE-2023-48246
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved