Copeland Xweb 300d Pro Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Copeland Xweb 300d Pro Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-21718 — CVSS 10.0 (critical): An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the…
CVE-2026-24663 — CVSS 9.0 (critical): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote…
CVE-2026-25085 — CVSS 8.6 (high): A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine…
CVE-2026-20910 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-21389 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-23702 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-24452 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-24517 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-3037 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-20764 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-20902 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-25721 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-20742 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-24689 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-24695 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-25037 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-25105 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-25109 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-25111 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-25195 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-25196 — CVSS 8.0 (high): An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote…
CVE-2026-20797 — CVSS 4.3 (medium): A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause…
CVE-2026-22877 — CVSS 3.7 (low): An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary…