Every CVE whose affected-product data names Snapone Orvc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2023-28386 — CVSS 8.6 (high): Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the…
CVE-2023-31241 — CVSS 8.6 (high): Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
CVE-2023-28649 — CVSS 8.6 (high): The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability…
CVE-2023-31240 — CVSS 8.3 (high): Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC…
CVE-2023-25183 — CVSS 8.3 (high): In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to…
CVE-2023-31193 — CVSS 7.5 (high): Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS…
CVE-2023-31245 — CVSS 7.1 (high): Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers…
CVE-2023-28412 — CVSS 5.3 (medium): When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices…