Ctrlx Hmi Web Panel Wr21 (Wr2107)
Approved changes feed: RSS · Atom
cpe:2.3:a:rexroth:ctrlx_hmi_web_panel_-_wr21_(wr2107):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Rexroth (51edd9e8-ecba-58d0-8477-ad07cd7ab7ed) |
|---|---|
| Product | Ctrlx Hmi Web Panel Wr21 (Wr2107) (cafd8cf0-5e08-57eb-89f7-cb632182652e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-45844 |
vulnerable | 2026-06-03 14:53:08.690904 |
Details available
HIGH (7.3)
The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).
Published: 2023-10-25T13:07:15.053Z
Updated: 2024-09-10T20:24:25.472Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45220 |
vulnerable | 2026-06-03 14:53:07.802974 |
Details available
HIGH (8.8)
The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.
Published: 2023-10-25T14:15:02.630Z
Updated: 2024-09-11T18:11:14.503Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-43488 |
vulnerable | 2026-06-03 14:52:55.519717 |
Details available
HIGH (7.9)
The vulnerability allows a low privileged (untrusted) application to
modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.
Published: 2023-10-25T13:27:09.366Z
Updated: 2024-09-17T14:06:24.603Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41960 |
vulnerable | 2026-06-03 14:52:52.811453 |
Details available
HIGH (7.1)
The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.
Published: 2023-10-25T14:12:08.722Z
Updated: 2024-09-12T14:29:20.687Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41372 |
vulnerable | 2026-06-03 14:52:51.704569 |
Details available
HIGH (7.8)
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair
Published: 2023-10-25T14:13:34.827Z
Updated: 2024-09-12T14:28:34.281Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41255 |
vulnerable | 2026-06-03 14:52:51.439378 |
Details available
HIGH (8.8)
The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication
of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.
Published: 2023-10-25T14:10:50.626Z
Updated: 2024-09-12T14:30:27.445Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.