Nexo cordless nutrunner nxa011s-36v (0608842011)
This hub aggregates every CVE we track for Nexo cordless nutrunner nxa011s-36v (0608842011), a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
25
CVEs tracked
0
Critical
11
High
0
In CISA KEV
Severity distribution
MEDIUM14HIGH11
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Nexo cordless nutrunner nxa011s-36v (0608842011).
- CVE-2023-48266The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.8.1
- CVE-2023-48265The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.8.1
- CVE-2023-48264The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.8.1
- CVE-2023-48263The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.8.1
- CVE-2023-48262The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.8.1
- CVE-2023-48261The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.5.3
- CVE-2023-48260The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.5.3
- CVE-2023-48259The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.5.3
- CVE-2023-48258The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session.5.5
- CVE-2023-48257The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be...7.8
- CVE-2023-48256The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request.5.3
- CVE-2023-48255The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via ...6.3
- CVE-2023-48254The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.5.3
- CVE-2023-48253The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible...8.8
- CVE-2023-48252The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.8.8
Product normalization is registry-driven with AI assist and human review. How it works