Known Vulnerabilities for products from Carrier
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Carrier".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-23192 | Not Provided | 2026-02-14 | 2026-04-03 | |
| CVE-2025-53213 | Not Provided | 2025-08-20 | 2026-04-01 | |
| CVE-2022-31486 | An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell com... | 8.8 - HIGH | 2022-06-06 | 2022-06-17 |
| CVE-2022-31485 | An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the we... | 5.3 - MEDIUM | 2022-06-06 | 2022-06-17 |
| CVE-2022-31484 | An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnera... | 7.5 - HIGH | 2022-06-06 | 2022-06-17 |
| CVE-2022-31483 | An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload t... | 8.8 - HIGH | 2022-06-06 | 2022-06-17 |
| CVE-2022-31482 | An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffe... | 7.5 - HIGH | 2022-06-06 | 2022-06-17 |
| CVE-2022-31481 | An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerabi... | 10 - CRITICAL | 2022-06-06 | 2022-06-17 |
| CVE-2022-31480 | An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Serv... | 7.5 - HIGH | 2022-06-06 | 2022-06-17 |
| CVE-2022-31479 | An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be ex... | 9.8 - CRITICAL | 2022-06-06 | 2023-06-29 |
| CVE-2022-26519 | There is no limit to the number of attempts to authenticate for the local configuration pages for the Hills ComNav Version 30... | 5.5 - MEDIUM | 2022-04-20 | 2022-04-29 |
| CVE-2022-1318 | Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuratio... | 5.5 - MEDIUM | 2022-04-20 | 2023-07-24 |
| CVE-2020-19762 | Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a X... | 6.1 - MEDIUM | 2021-02-22 | 2021-02-26 |
| CVE-2018-8819 | An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attack... | 7.5 - HIGH | 2018-06-14 | 2021-07-27 |
| CVE-2017-9650 | An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-V... | 7.8 - HIGH | 2017-08-25 | 2021-07-27 |
| CVE-2017-9644 | An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web ... | 7 - HIGH | 2017-08-25 | 2021-07-27 |
| CVE-2017-9640 | A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC ... | 6.3 - MEDIUM | 2017-08-25 | 2021-07-27 |
| CVE-2016-5795 | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Vers... | 7.3 - HIGH | 2017-08-31 | 2021-07-27 |