Milesight Milesightvpn — known CVE vulnerabilities
Every CVE whose affected-product data names Milesight Milesightvpn, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-22371 — CVSS 8.1 (high): An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A…
CVE-2023-23907 — CVSS 7.5 (high): A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network…
CVE-2023-22319 — CVSS 7.3 (high): A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network…
CVE-2023-22844 — CVSS 7.3 (high): An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A…
CVE-2023-24496 — CVSS 4.7 (medium): Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A…