| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|
| 3 | 5 | 0 | 35.1% | CRITICAL |
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published | |
|---|
| CVE-2025-59818 | This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file. | CRITICAL | 9.8 | — | 37.7% | Feb 4, 2026 | |
| CVE-2025-64093 | Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | CRITICAL | 9.8 | — | 48.9% | Jan 9, 2026 | |
| CVE-2025-64092 | This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | HIGH | 7.5 | — | 29.1% | Jan 9, 2026 | |
| CVE-2025-64091 | This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | HIGH | 8.8 | — | 23.6% | Jan 9, 2026 | |
| CVE-2025-64090 | This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | HIGH | 8.8 | — | 28.1% | Jan 9, 2026 | |