PatchSiren

Optigo Networks CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Optigo Networks CVE published 2025-05-06

CVE-2025-4041

CVE-2025-4041 is a Critical issue in Optigo Networks ONS NC600 devices running versions 4.2.1-084 through 4.7.2-330. CISA’s advisory says an attacker who can connect to the device’s SSH server can use system components to perform OS command execution. The supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a network-reachable condition with no privileges or user interaction required and p [truncated]

HIGH Optigo Networks CVE published 2025-03-11

CVE-2025-2081

CISA’s 2025-03-11 advisory says Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 can be affected by an attacker impersonating the web application service and misleading victim clients. The published CVSS v3.1 score is 7.5 HIGH, with network access, no privileges, no user interaction, and high availability impact. The vendor’s recommended fix is to upgrad [truncated]

CRITICAL Optigo Networks CVE published 2025-03-11

CVE-2025-2080

CVE-2025-2080 is a critical vulnerability in Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11. CISA’s advisory states the products contain an exposed web management service that could let an attacker bypass authentication measures and gain control over utilities within the products. The published CVSS v3.1 score is 9.8 (Critical). Optigo’s remediation is [truncated]

CRITICAL Optigo Networks CVE published 2024-10-01

CVE-2024-45367

CVE-2024-45367 is a critical authentication bypass vulnerability in the Optigo Networks ONS-S8 Spectra Aggregation Switch, published by CISA on October 1, 2024. The device's web server contains an incomplete authentication process that allows attackers to authenticate without providing a password, enabling unauthorized administrative access to the switch management interface. The vulnerability affects ONS [truncated]

CRITICAL Optigo Networks CVE published 2024-10-01

CVE-2024-41925

CVE-2024-41925 is a critical vulnerability in the Optigo Networks ONS-S8 Spectra Aggregation Switch, published by CISA on October 1, 2024. The web service contains functions that fail to properly validate user input, enabling attackers to perform directory traversal, bypass authentication, and execute remote code. The affected product is ONS-S8 firmware version 1.3.7 and earlier. No patch is currently ava [truncated]