Ormazabal Ekorrci Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ormazabal Ekorrci Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2022-47558 — CVSS 9.4 (critical): Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability…
CVE-2022-47555 — CVSS 9.3 (critical): Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new…
CVE-2022-47553 — CVSS 8.6 (high): Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the…
CVE-2022-47559 — CVSS 8.6 (high): Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious…
CVE-2022-47554 — CVSS 8.2 (high): Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from…
CVE-2022-47562 — CVSS 7.5 (high): Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.
CVE-2022-47561 — CVSS 7.3 (high): The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which…
CVE-2022-47556 — CVSS 6.5 (medium): Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous…
CVE-2022-47557 — CVSS 6.1 (medium): Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the…
CVE-2022-47560 — CVSS 5.7 (medium): The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious…