39 matches found
Default credentials
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page...
Design/Logic Flaw
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter DynDns settings of the Dynamic DNS Configuration...
Cross site request forgery (csrf)
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs...
Design/Logic Flaw
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi aka the Keyword field of the URL Blocking Configuration...
Design/Logic Flaw
On Netis DL4323 devices, pingrttv6.html has XSS Ping6 Diagnostic...
Netis DL4323 Cross-Site Request Forgery Vulnerability
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site request forgery vulnerability exists in the NETCORE Netis DL4323. The vulnerability arises from a WEB application that does not adequately verify that a request is from a trusted user. An attacker could exploit this...
Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-02549)
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the pingrttv6.html page in the NETCORE Netis DL4323. The vulnerability stems from the WEB application lacking proper validation of client data. An attacker can exploit the...
CVE-2019-20070
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi aka the Keyword field of the URL Blocking Configuration...
CVE-2019-20071
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs...
CVE-2019-20072
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter Dynamic DNS Configuration...
CVE-2019-20072
CVE-2019-20072 corresponds to a cross-site scripting vulnerability in Netis DL4323 devices, exploitable via the hostname parameter in form2Ddns.cgi used for Dynamic DNS configuration. The issue stems from insufficient input validation in the web application, enabling execution of arbitrary client...
CVE-2019-20073
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter User Account Configuration...
CVE-2019-20074
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page...
CVE-2019-20075
On Netis DL4323 devices, pingrttv6.html has XSS Ping6 Diagnostic...
CVE-2019-20076
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter DynDns settings of the Dynamic DNS Configuration...
NETIS SYSTEMS DL4323 Information Disclosure Vulnerability
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. An information disclosure vulnerability exists in the NETCORE Netis DL4323, which can be exploited by an attacker to view sensitive information user passwords or FTP passwords...
NETCORE Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-01650)
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the WEB application, and can be exploited by an attacker to execute client code...
NETCORE Netis DL4323 Cross-Site Scripting Vulnerability
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the WEB application, and can be exploited by an attacker to execute client code...
NETCORE Netis DL4323 Cross-Site Scripting Vulnerability (CNVD-2020-01648)
NETCORE Netis DL4323 is a multi-function modem from China's NETCORE. A cross-site scripting vulnerability exists in the NETCORE Netis DL4323, which stems from the lack of proper validation of client data by the WEB application, and can be exploited by an attacker to execute client code...