📦 Maxtime
by Q Free
🔍 What is Maxtime?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows unauthenticated remote attackers to reset user PINs in Q-Free MaxTime systems via crafted HTTP requests. It affects all Q-Free MaxTime installations running version 2.11.0 or...
CVE-2025-26361 allows unauthenticated remote attackers to factory reset Q-Free MaxTime devices via crafted HTTP requests due to missing authentication on critical functions. This affects all Q-Free Ma...
This vulnerability allows unauthenticated remote attackers to enable passwordless guest mode in Q-Free MaxTime systems via crafted HTTP requests. It affects all Q-Free MaxTime installations running ve...
This vulnerability allows unauthenticated remote attackers to edit user permissions in Q-Free MaxTime traffic management systems via crafted HTTP requests. It affects all Q-Free MaxTime installations ...
This vulnerability allows unauthenticated remote attackers to send crafted HTTP requests to Q-Free MaxTime traffic management systems, potentially compromising device confidentiality, integrity, and a...
This vulnerability allows unauthenticated remote attackers to reset arbitrary user passwords in Q-Free MaxTime systems via crafted HTTP requests. It affects all installations running version 2.11.0 or...
CVE-2025-1100 is a critical vulnerability in Q-Free MaxTime traffic management software where a hard-coded root password allows unauthenticated remote attackers to gain complete system control via SSH...
A missing authorization vulnerability in Q-Free MaxTime allows authenticated low-privileged users to reset passwords, including administrator accounts, via crafted HTTP requests. This affects all inst...
This vulnerability allows authenticated low-privileged attackers to add users to groups in Q-Free MaxTime systems via crafted HTTP requests. It affects Q-Free MaxTime versions up to and including 2.11...
This vulnerability allows authenticated low-privileged attackers to remove users from groups in Q-Free MaxTime systems via crafted HTTP requests. It affects Q-Free MaxTime versions up to and including...
This vulnerability allows authenticated low-privileged users in Q-Free MaxTime systems to create new user accounts with arbitrary administrative privileges through crafted HTTP requests. It affects al...
This vulnerability allows authenticated low-privileged attackers to delete user accounts in Q-Free MaxTime systems via crafted HTTP requests. It affects all installations running version 2.11.0 or ear...
An unauthenticated remote attacker can disable authentication profile servers in Q-Free MaxTime traffic management systems by sending crafted HTTP requests. This affects all Q-Free MaxTime installatio...
This vulnerability allows unauthenticated remote attackers to enable front panel authentication on Q-Free MaxTime systems via crafted HTTP requests. It affects Q-Free MaxTime versions up to and includ...
An unauthenticated remote attacker can disable front panel authentication in Q-Free MaxTime systems via crafted HTTP requests. This affects all Q-Free MaxTime installations running version 2.11.0 or e...
A missing authorization vulnerability in Q-Free MaxTime allows authenticated low-privileged users to delete user groups via crafted HTTP requests. This affects all installations running version 2.11.0...
A missing authorization vulnerability in Q-Free MaxTime allows authenticated low-privileged users to escalate privileges by adding permissions to user groups via crafted HTTP requests. This affects al...
This vulnerability allows authenticated low-privileged attackers to remove privileges from user groups in Q-Free MaxTime traffic management systems. Attackers can escalate privileges or disrupt operat...
This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwrite sensitive files by manipulating file paths in HTTP requests. It affects Q-Free MaxTime versions u...
This vulnerability allows unauthenticated remote attackers to enable authentication profile servers in Q-Free MaxTime traffic management systems via crafted HTTP requests. It affects all Q-Free MaxTim...
This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to overwrite sensitive files by manipulating file paths in HTTP requests to the copy endpoint. It affects all ...
This vulnerability allows unauthenticated remote attackers to brute-force user PINs in Q-Free MaxTime parking management systems via crafted HTTP requests. Attackers can gain unauthorized access to sy...
This vulnerability allows authenticated remote attackers to overwrite arbitrary files on Q-Free MaxTime systems by exploiting a relative path traversal flaw in the file upload mechanism. Attackers can...
This vulnerability allows authenticated low-privileged attackers to enumerate user accounts in Q-Free MaxTime systems via crafted HTTP requests to the user endpoint. It affects organizations using Q-F...
This vulnerability allows authenticated low-privileged attackers to modify user data in Q-Free MaxTime systems via crafted HTTP requests. It affects all installations running version 2.11.0 or earlier...
This vulnerability allows authenticated low-privileged attackers to create arbitrary user groups in Q-Free MaxTime traffic management systems. Attackers can escalate privileges by creating administrat...
This vulnerability allows authenticated remote attackers to read sensitive files on Q-Free MaxTime systems via path traversal attacks. Attackers can access files outside the intended directory by craf...
This vulnerability allows authenticated remote attackers to upload malicious files to Q-Free MaxTime systems via template file uploads. Attackers can potentially execute arbitrary code or compromise t...
This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to delete sensitive files by manipulating HTTP requests. It affects all installations running version 2.11.0 o...
This path traversal vulnerability in Q-Free MaxTime allows authenticated remote attackers to delete sensitive files via crafted HTTP requests. It affects Q-Free MaxTime versions up to and including 2....
This SQL injection vulnerability in Q-Free MaxTime allows authenticated attackers to execute arbitrary SQL commands via crafted HTTP requests to the editUserGroupMenu endpoint. It affects all versions...
A CORS misconfiguration vulnerability in Q-Free MaxTime allows attackers to bypass origin validation and perform cross-origin attacks. This affects all unpatched Q-Free MaxTime systems up to version 2...