Ovarro Tbox Lt2-532 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ovarro Tbox Lt2-532 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-22646 — CVSS 8.8 (high): The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing…
CVE-2021-22648 — CVSS 8.8 (high): Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
CVE-2021-22640 — CVSS 7.5 (high): An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
CVE-2021-22642 — CVSS 7.5 (high): An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
CVE-2021-22650 — CVSS 7.5 (high): An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could…