Generex CS141 Firmware 2.02: Security Vulnerabilities
There is a file upload XSS vulnerability in Generex CS141 versions below 2.06. The web application allows file uploads, making it possible to upload a file with HTML content. Because HTML files are allowed, an XSS payload can be injected into the uploaded file.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2023-09-28
There is an unrestricted file upload vulnerability in Generex CS141 versions below 2.06. An attacker could upload and/or delete any type of file in the "upload" directory, without any format restriction and without any authentication.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-09-28
There is an arbitrary file read vulnerability in Generex UPS CS141 versions below 2.06. An attacker using the default credentials could upload a backup file containing a symlink to /etc/shadow and thereby obtain the content of this path.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2023-03-31
Generex UPS CS141 versions below 2.06 allow an attacker to upload a firmware file containing an incorrect configuration in order to disrupt the normal functionality of the device.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-03-31
Generex UPS CS141 versions below 2.06 could allow a remote attacker to upload a firmware file containing a webshell, which could allow the attacker to execute arbitrary code as root.
CVSS Score: 10.0 | EPSS Score: 0.007 | Published: 2023-03-31
Generex UPS CS141 versions below 2.06 could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing the attacker to escalate privileges.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-03-31
Generex UPS CS141 versions below 2.06 could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing the attacker to replace the administrator password.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2023-03-31
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).
CVSS Score: 9.1 | EPSS Score: 0.02 | Published: 2022-10-06