cvedb.io
CVE-2023-31245
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2023-05-22T20:15:10.807 · Last modified 2026-06-17T05:56:40.277

Summary

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

Affected products

snapone — orvc

Does this affect you?

Add your gear to cvedb and we'll alert you only when snapone ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.