Lucene search
+L

39 matches found

Prion
Prion
added 2019/12/30 12:15 a.m.11 views

Default credentials

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page...

4CVSS8.7AI score0.01426EPSS
Exploits0References2
Prion
Prion
added 2019/12/30 12:15 a.m.19 views

Design/Logic Flaw

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter DynDns settings of the Dynamic DNS Configuration...

4.3CVSS6AI score0.01532EPSS
Exploits1References3
Prion
Prion
added 2019/12/30 12:15 a.m.14 views

Cross site request forgery (csrf)

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs...

5.8CVSS6.5AI score0.00774EPSS
Exploits1References3
Prion
Prion
added 2019/12/30 12:15 a.m.13 views

Design/Logic Flaw

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi aka the Keyword field of the URL Blocking Configuration...

4.3CVSS6AI score0.01436EPSS
Exploits1References3
Prion
Prion
added 2019/12/30 12:15 a.m.15 views

Design/Logic Flaw

On Netis DL4323 devices, pingrttv6.html has XSS Ping6 Diagnostic...

4.3CVSS6AI score0.01776EPSS
Exploits1References3
CNVD
CNVD
added 2019/12/30 12:0 a.m.2 views

Netis DL4323 Cross-Site Request Forgery Vulnerability

NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site request forgery vulnerability exists in the NETCORE Netis DL4323. The vulnerability arises from a WEB application that does not adequately verify that a request is from a trusted user. An attacker could exploit this...

6.5CVSS6.8AI score0.00774EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/30 12:0 a.m.3 views

Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-02549)

NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the pingrttv6.html page in the NETCORE Netis DL4323. The vulnerability stems from the WEB application lacking proper validation of client data. An attacker can exploit the...

6.1CVSS6.4AI score0.01776EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/12/29 11:30 p.m.25 views

CVE-2019-20070

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi aka the Keyword field of the URL Blocking Configuration...

6.1AI score0.01436EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/12/29 11:29 p.m.20 views

CVE-2019-20071

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs...

6.5AI score0.00774EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/12/29 11:29 p.m.21 views

CVE-2019-20072

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter Dynamic DNS Configuration...

6.1AI score0.01532EPSS
Exploits1References3
CVE
CVE
added 2019/12/29 11:29 p.m.103 views

CVE-2019-20072

CVE-2019-20072 corresponds to a cross-site scripting vulnerability in Netis DL4323 devices, exploitable via the hostname parameter in form2Ddns.cgi used for Dynamic DNS configuration. The issue stems from insufficient input validation in the web application, enabling execution of arbitrary client...

6.1CVSS6AI score0.01532EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/12/29 11:29 p.m.18 views

CVE-2019-20073

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter User Account Configuration...

6.1AI score0.01776EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/12/29 11:29 p.m.21 views

CVE-2019-20074

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page...

8.8AI score0.01426EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/12/29 11:29 p.m.19 views

CVE-2019-20075

On Netis DL4323 devices, pingrttv6.html has XSS Ping6 Diagnostic...

6.1AI score0.01776EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/12/29 11:28 p.m.14 views

CVE-2019-20076

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter DynDns settings of the Dynamic DNS Configuration...

6.1AI score0.01532EPSS
Exploits1References3
CNVD
CNVD
added 2019/12/29 12:0 a.m.2 views

NETIS SYSTEMS DL4323 Information Disclosure Vulnerability

NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. An information disclosure vulnerability exists in the NETCORE Netis DL4323, which can be exploited by an attacker to view sensitive information user passwords or FTP passwords...

8.8CVSS6.3AI score0.01426EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/29 12:0 a.m.4 views

NETCORE Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-01650)

NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the WEB application, and can be exploited by an attacker to execute client code...

6.1CVSS6.4AI score0.01436EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/29 12:0 a.m.6 views

NETCORE Netis DL4323 Cross-Site Scripting Vulnerability

NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the WEB application, and can be exploited by an attacker to execute client code...

6.1CVSS6.4AI score0.01532EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/29 12:0 a.m.4 views

NETCORE Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-01648)

NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the WEB application, and can be exploited by an attacker to execute client code...

6.1CVSS6.4AI score0.01776EPSS
Exploits1References1
Rows per page
Query Builder