Ovarro Tbox Lt2 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Ovarro Tbox Lt2 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-36609 — CVSS 7.2 (high): The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local…
CVE-2023-3395 — CVSS 6.5 (medium): All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system…
CVE-2023-36608 — CVSS 6.5 (medium): The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
CVE-2023-36611 — CVSS 6.5 (medium): The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with…
CVE-2023-36610 — CVSS 5.9 (medium): The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software…
CVE-2023-36607 — CVSS 5.3 (medium): The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive…