Filtered by vendor Gladinet
Subscriptions
Filtered by product Centrestack
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30406 | 1 Gladinet | 1 Centrestack | 2025-04-10 | 9 Critical |
| Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config. | ||||
| CVE-2023-26830 | 1 Gladinet | 1 Centrestack | 2025-02-18 | 7.2 High |
| An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. | ||||
| CVE-2023-26829 | 1 Gladinet | 1 Centrestack | 2025-02-18 | 9.8 Critical |
| An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass. | ||||
| CVE-2024-37782 | 1 Gladinet | 1 Centrestack | 2024-11-27 | 9.8 Critical |
| An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field. | ||||
Page 1 of 1.