Browse all 4 CVE security advisories affecting Device42. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Device42 provides IT asset management and data center infrastructure documentation solutions. Historically, its vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and access control weaknesses. The platform has faced security incidents where authenticated attackers could execute arbitrary code or access sensitive data due to unpatched vulnerabilities. With only four CVEs recorded, Device42 maintains a relatively low vulnerability count compared to similar tools, though its exposure to RCE and privilege escalation risks remains notable for organizations relying on its asset management capabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-1401 | Insufficient validation of provided paths in Exago WrImageResource.axd — CMDBCWE-863 | 6.9 | Medium | 2022-08-16 |
| CVE-2022-1410 | Remote Code Execution in Device42 ApplianceManager console — CMDBCWE-78 | 8.0 | High | 2022-08-16 |
| CVE-2022-1400 | Hardcoded encryption key IV in Exago WebReportsApi.dll — CMDBCWE-321 | 7.1 | High | 2022-08-16 |
| CVE-2022-1399 | Remote code execution in scheduled tasks component — CMDBCWE-88 | 9.1 | Critical | 2022-08-16 |
This page lists every published CVE security advisory associated with Device42. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.