Search criteria
4 vulnerabilities found for via_connect2_firmware by kramerav
CVE-2023-33469 (GCVE-0-2023-33469)
Vulnerability from nvd – Published: 2023-08-09 00:00 – Updated: 2024-10-10 16:13
VLAI
Summary
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| kramerav | via_connect2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:* |
|
| kramerav | via_go2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:05.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://kramerav.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_connect2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_go2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33469",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:11:55.394729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:13:16.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://kramerav.com"
},
{
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33469",
"datePublished": "2023-08-09T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2024-10-10T16:13:16.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33468 (GCVE-0-2023-33468)
Vulnerability from nvd – Published: 2023-08-09 00:00 – Updated: 2024-10-10 16:14
VLAI
Summary
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| kramerav | via_connect2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:* |
|
| kramerav | via_go2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:05.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://kramerav.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_connect2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_go2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33468",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:13:48.181350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:14:37.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://kramerav.com"
},
{
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33468",
"datePublished": "2023-08-09T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2024-10-10T16:14:37.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33468 (GCVE-0-2023-33468)
Vulnerability from cvelistv5 – Published: 2023-08-09 00:00 – Updated: 2024-10-10 16:14
VLAI
Summary
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| kramerav | via_connect2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:* |
|
| kramerav | via_go2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:05.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://kramerav.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_connect2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_go2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33468",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:13:48.181350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:14:37.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://kramerav.com"
},
{
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33468",
"datePublished": "2023-08-09T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2024-10-10T16:14:37.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33469 (GCVE-0-2023-33469)
Vulnerability from cvelistv5 – Published: 2023-08-09 00:00 – Updated: 2024-10-10 16:13
VLAI
Summary
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| kramerav | via_connect2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:* |
|
| kramerav | via_go2 |
Affected:
0 , < 4.0.1.1326
(custom)
cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:47:05.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://kramerav.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_connect2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "via_go2",
"vendor": "kramerav",
"versions": [
{
"lessThan": "4.0.1.1326",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33469",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:11:55.394729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:13:16.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-09T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://kramerav.com"
},
{
"url": "https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-33469",
"datePublished": "2023-08-09T00:00:00.000Z",
"dateReserved": "2023-05-22T00:00:00.000Z",
"dateUpdated": "2024-10-10T16:13:16.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}