Nexo Cordless Nutrunner Nxa030S 36V (0608842002)
Approved changes feed: RSS · Atom
cpe:2.3:a:rexroth:nexo_cordless_nutrunner_nxa030s-36v_(0608842002):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Rexroth (51edd9e8-ecba-58d0-8477-ad07cd7ab7ed) |
|---|---|
| Product | Nexo Cordless Nutrunner Nxa030S 36V (0608842002) (e9650f00-6ed9-5680-af38-11b4a9a0a87f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-48266 |
vulnerable | 2026-06-03 14:53:18.744088 |
Details available
HIGH (8.1)
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
Published: 2024-01-10T13:10:15.503Z
Updated: 2025-06-17T20:59:15.373Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48265 |
vulnerable | 2026-06-03 14:53:18.742799 |
Details available
HIGH (8.1)
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
Published: 2024-01-10T13:09:46.605Z
Updated: 2025-06-17T20:59:15.232Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48264 |
vulnerable | 2026-06-03 14:53:18.741461 |
Details available
HIGH (8.1)
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
Published: 2024-01-10T13:09:10.347Z
Updated: 2025-04-17T15:48:37.330Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48263 |
vulnerable | 2026-06-03 14:53:18.740086 |
Details available
HIGH (8.1)
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
Published: 2024-01-10T13:08:37.557Z
Updated: 2025-06-17T20:59:15.081Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48262 |
vulnerable | 2026-06-03 14:53:18.738596 |
Details available
HIGH (8.1)
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
Published: 2024-01-10T13:08:03.996Z
Updated: 2025-06-17T20:59:14.930Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48261 |
vulnerable | 2026-06-03 14:53:18.736640 |
Details available
MEDIUM (5.3)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
Published: 2024-01-10T13:07:22.893Z
Updated: 2025-06-03T14:28:07.088Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48260 |
vulnerable | 2026-06-03 14:53:18.735331 |
Details available
MEDIUM (5.3)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
Published: 2024-01-10T13:06:48.658Z
Updated: 2025-06-17T20:59:14.784Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48259 |
vulnerable | 2026-06-03 14:53:18.733777 |
Details available
MEDIUM (5.3)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
Published: 2024-01-10T13:05:41.881Z
Updated: 2025-06-17T20:59:14.559Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48258 |
vulnerable | 2026-06-03 14:53:18.732488 |
Details available
MEDIUM (5.5)
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP
request through a victim’s session.
Published: 2024-01-10T13:05:08.294Z
Updated: 2025-06-17T20:59:14.356Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48257 |
vulnerable | 2026-06-03 14:53:18.731133 |
Details available
HIGH (7.8)
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.
Published: 2024-01-10T13:04:36.606Z
Updated: 2025-06-17T20:59:14.230Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48256 |
vulnerable | 2026-06-03 14:53:18.729837 |
Details available
MEDIUM (5.3)
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.
Published: 2024-01-10T13:04:04.926Z
Updated: 2025-06-17T20:59:14.100Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48255 |
vulnerable | 2026-06-03 14:53:18.728514 |
Details available
MEDIUM (6.3)
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.
Published: 2024-01-10T13:03:32.151Z
Updated: 2025-06-17T20:59:13.975Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48254 |
vulnerable | 2026-06-03 14:53:18.727220 |
Details available
MEDIUM (5.3)
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
Published: 2024-01-10T13:02:51.682Z
Updated: 2025-06-17T20:59:13.843Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48253 |
vulnerable | 2026-06-03 14:53:18.725870 |
Details available
HIGH (8.8)
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.
By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.
Published: 2024-01-10T13:02:19.652Z
Updated: 2025-06-17T20:59:13.701Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48252 |
vulnerable | 2026-06-03 14:53:18.724509 |
Details available
HIGH (8.8)
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.
Published: 2024-01-10T13:01:35.579Z
Updated: 2025-06-17T20:59:13.576Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48251 |
vulnerable | 2026-06-03 14:53:18.723206 |
Details available
HIGH (8.1)
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
Published: 2024-01-10T13:00:29.554Z
Updated: 2025-06-17T20:59:13.437Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48250 |
vulnerable | 2026-06-03 14:53:18.721829 |
Details available
HIGH (8.1)
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.
Published: 2024-01-10T10:43:24.818Z
Updated: 2025-06-17T20:59:13.277Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48249 |
vulnerable | 2026-06-03 14:53:18.720495 |
Details available
MEDIUM (6.5)
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to steal session cookies of other active users.
Published: 2024-01-10T10:42:03.673Z
Updated: 2025-06-17T20:59:13.141Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48248 |
vulnerable | 2026-06-03 14:53:18.718990 |
Details available
MEDIUM (5.5)
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.
Published: 2024-01-10T10:41:20.413Z
Updated: 2025-06-17T20:59:13.000Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48247 |
vulnerable | 2026-06-03 14:53:18.717636 |
Details available
MEDIUM (5.3)
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
Published: 2024-01-10T10:40:20.260Z
Updated: 2025-06-17T20:59:12.865Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48246 |
vulnerable | 2026-06-03 14:53:18.716090 |
Details available
MEDIUM (6.5)
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
Published: 2024-01-10T10:39:30.602Z
Updated: 2025-06-17T20:59:12.689Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48245 |
vulnerable | 2026-06-03 14:53:18.714633 |
Details available
MEDIUM (6.5)
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
Published: 2024-01-10T10:38:46.846Z
Updated: 2025-06-17T20:59:12.535Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48244 |
vulnerable | 2026-06-03 14:53:18.713164 |
Details available
MEDIUM (5.3)
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
Published: 2024-01-10T10:37:55.300Z
Updated: 2025-06-17T20:59:12.411Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48243 |
vulnerable | 2026-06-03 14:53:18.711615 |
Details available
HIGH (8.1)
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
Published: 2024-01-10T10:36:56.971Z
Updated: 2025-06-17T20:59:12.299Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-48242 |
vulnerable | 2026-06-03 14:53:18.678109 |
Details available
MEDIUM (6.5)
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
Published: 2024-01-10T10:35:25.216Z
Updated: 2025-06-17T20:59:12.176Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.