Sielco Polyeco1000 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sielco Polyeco1000 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-46661 — CVSS 9.8 (critical): Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
CVE-2023-46665 — CVSS 9.8 (critical): Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and…
CVE-2023-5754 — CVSS 9.1 (critical): Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain…
CVE-2023-0897 — CVSS 8.8 (high): Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL…
CVE-2023-46663 — CVSS 7.5 (high): Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application…
CVE-2023-46662 — CVSS 7.5 (high): Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated…
CVE-2023-46664 — CVSS 7.5 (high): Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based…