CVE-2017-11647

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation...

CVE-2017-11645

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or systemconfig.html...

CVE-2017-11646

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device...

CVE-2017-11646

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device...

Cross site scripting

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation...

CVE-2017-11645

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or systemconfig.html...

CVE-2017-11647

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation...

CVE-2017-11645

The CVE-2017-11645 case affects NetComm Wireless 4GT101W routers (hardware 0.01 / software V1.1.8.8 / bootloader 1.1.3). The root cause is lack of authentication for logfile.html, status.html, and system_config.html, enabling an unauthenticated attacker to access sensitive information exposed by ...

CVE-2017-11646

NetComm Wireless 4GT101W routers (Hardware 0.01, Software V1.1.8.8, Bootloader 1.1.3) are vulnerable to Cross-Site Request Forgery (CSRF) as detailed in CVE-2017-11646. The affected component is the device web interface; the root cause is the absence of CSRF protections/tokens in administration.h...

CVE-2017-11646

NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device...

CVE-2017-11647

NetComm Wireless 4GT101W routers (Hardware 0.01 / Software 1.1.8.8 / Bootloader 1.1.3) are affected by CVE-2017-11647 due to a stored cross-site scripting vulnerability triggered by creating an SSID with an XSS payload. Exploitation involves injecting script via the SSID field, allowing script ex...

NetComm NB16WV-02 HTML Injection Vulnerability

The NetComm NB16WV-02 is a router product from NetComm Australia. The NetComm NB16WV-02 suffers from an HTML injection vulnerability that originates when a program fails to properly validate user-supplied input. When an unknowing user browses the affected site, an attacker could exploit the...

CVE-2017-5900

Cross-site scripting XSS vulnerability in the NetComm NB16WV-02 router with firmware NB16WVR0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm...

Cross site scripting

Cross-site scripting XSS vulnerability in the NetComm NB16WV-02 router with firmware NB16WVR0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm...

CVE-2017-5900

Cross-site scripting XSS vulnerability in the NetComm NB16WV-02 router with firmware NB16WVR0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm...

CVE-2017-5900

Cross-site scripting XSS vulnerability in the NetComm NB16WV-02 router with firmware NB16WVR0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm...

CVE-2017-5900

Concrete details across connected documents show a stored XSS vulnerability in NetComm NB16WV-02 router (firmware NB16WV_R0.09) via the S801F0334 parameter to hdd.htm. Exploitation path: authenticated users can inject arbitrary script that may execute in others’ browsers. The issue is described a...

NetComm NB16WV-02 Cross Site Scripting

Hi, Mitre has provided the following with the CVE number: CVE-2017-5900 there is a Stored XSS vulnerability in a NetComm router's model NB16WV-02 running version NB16WVR0.09, If authorized user is able to inject the following string POC: Authenticated user is required:...

NetCommWireless Wireless Router Remote Command Injection Vulnerability

NetCommWireless Wireless Router is a wireless router from NetComm Australia. A security vulnerability exists in NetCommWireless Wireless Router that allows remote attackers to submit a special request to execute arbitrary commands in an application context...

HELP NetCommWireless HSPA 3G10WVE Command Injection Vulnerability

HELP NetCommWireless HSPA 3G10WVE is a wireless router product from HELP UAE. A command injection vulnerability exists in the HELP NetCommWireless HSPA 3G10WVE, which allows remote attackers to submit a special request to inject arbitrary commands and execute them...