Infiray: >> Iray-A8z3 Security Vulnerabilities
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-07-17
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-07-17
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-17
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-17