汇总 multitech 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 SQL 注入与CSRF,在 软件部署与生产负载 使用场景中可能带来 数据泄露 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2023-25201 | Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload. | [email protected] | 8.8 | 1.06% | 2023-07-07 | 2024-11-21 |
| CVE-2020-7594 | MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | [email protected] | 7.2 | 2.27% | 2020-01-21 | 2024-11-21 |
| CVE-2018-17562 | Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points. | [email protected] | 7.5 | 0.51% | 2018-10-03 | 2024-11-21 |
| CVE-2016-10512 | MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext. | [email protected] | 9.8 | 0.42% | 2017-09-30 | 2026-05-13 |
| CVE-2003-0126 | The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities. | [email protected] | 7.5 | 0.47% | 2003-03-18 | 2026-04-16 |
| CVE-2003-0125 | Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value. | [email protected] | 5.0 | 10.05% | 2003-03-18 | 2026-04-16 |