Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vasion Print (formerly PrinterLogic) Unauthenticated Firmware Update Endpoint RCE
Vulnerability Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private GPG key and hard-coded passphrase. An attacker who extracts the key and obtains a token can decrypt, modify, re-sign, upload, and trigger malicious firmware, gaining remote code execution. This vulnerability has been identified by the vendor as: V-2024-020 — Remote Code Execution.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Vasion Print Virtual Appliance Host 安全漏洞
Vulnerability Description
Vasion Print Virtual Appliance Host是美国Vasion公司的一个打印管理软件。 Vasion Print Virtual Appliance Host 22.0.1026之前版本存在安全漏洞,该漏洞源于未经验证的固件上传流程和硬编码凭证,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A