Bevywise: Security Vulnerabilities
A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-10-13
A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-13
In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined with a malformed unsubscribe request packet can be used to cause a Denial of Service attack against the broker.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-06-10