9 Jul 2025
Riasztás
NA - CVE-2025-7379 - A security bypass vulnerability allows...
A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and...
Read more
9 Jul 2025
Riasztás
NA - CVE-2025-3499 - The device has two web servers that expose...
The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send...
Read more
9 Jul 2025
Riasztás
NA - CVE-2025-3498 - An unauthenticated user with management network...
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has two web servers that expose...
Read more
9 Jul 2025
Riasztás
NA - CVE-2025-3497 - The Linux distribution underlying the Radiflow...
The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could...
Read more
9 Jul 2025
Riasztás
NA - CVE-2025-27028 - The Linux deprivileged user vpuser in Radiflow...
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted...
Read more
9 Jul 2025
Riasztás
NA - CVE-2025-27027 - Restricted shell rbash evasion in Radiflow iSAP...
Restricted shell rbash evasion in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) allows the user vpuser to start a full-feature shell. A user with vpuser credentials that opens an SSH...
Read more