Deltacontrols: >> Entelitouch Firmware >> 3.40.3706 Security Vulnerabilities
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-06-02
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-06-02
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-06-02