Lucene search
K

115 matches found

Prion
Prion
added 2022/11/23 2:15 a.m.18 views

Remote code execution

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diagtracertadmin.asp " in the "PingTest" parameter that leads to command execution...

7.5CVSS9.9AI score0.41443EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 2:15 a.m.21 views

Cross site request forgery (csrf)

A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp "...

2.6CVSS4.4AI score0.00311EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 2:15 a.m.13 views

Cross site request forgery (csrf)

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp "...

4.3CVSS4.9AI score0.00376EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 2:15 a.m.16 views

Design/Logic Flaw

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an attacker to upload arbitrary files through " /mgmdevupgrade.asp " which can "delete every file for Denial of Service using 'rm -rf .' in the code, reverse connection using '.asp' webshell,...

7.5CVSS9.3AI score0.01057EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 2:15 a.m.17 views

Cross site request forgery (csrf)

A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery CSRF attack to change the Password for "WLAN SSID" through "wlwpa.asp"...

4.3CVSS6.6AI score0.00428EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 2:15 a.m.17 views

Cross site request forgery (csrf)

A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to Add Network Traffic Control Type Rule...

4.3CVSS4.9AI score0.00351EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 2:15 a.m.20 views

Cross site request forgery (csrf)

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to Reset ONU to Factory Default through ' /mgmdevreset.asp.' Resetting to default leads to Escalation o...

6.8CVSS8.7AI score0.00531EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 2:15 a.m.18 views

Cross site request forgery (csrf)

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to cause a Denial of Service by Rebooting the router through " /mgmdevreboot.asp."...

4.3CVSS6.5AI score0.00457EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/11/23 1:15 a.m.23 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...

8.8CVSS0.00514EPSS
Exploits0References1
OSV
OSV
added 2022/11/23 1:15 a.m.4 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery CSRF attack to enable syslog mode through ' /mgmlogcfg.asp.' The system starts to log events, 'Remote' mode or 'Both...

6.5CVSS5.3AI score0.00435EPSS
Exploits0References1
NVD
NVD
added 2022/11/23 1:15 a.m.34 views

CVE-2020-23583

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diagpingadmin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system...

9.8CVSS0.02088EPSS
Exploits0References1
NVD
NVD
added 2022/11/23 1:15 a.m.28 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery CSRF attack to enable syslog mode through ' /mgmlogcfg.asp.' The system starts to log events, 'Remote' mode or 'Both...

6.5CVSS0.00435EPSS
Exploits0References1
OSV
OSV
added 2022/11/23 1:15 a.m.6 views

CVE-2020-23583

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diagpingadmin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system...

9.8CVSS6AI score0.02088EPSS
Exploits0References1
OSV
OSV
added 2022/11/23 1:15 a.m.4 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...

8.8CVSS5.7AI score0.00514EPSS
Exploits0References1
Prion
Prion
added 2022/11/23 1:15 a.m.28 views

Remote code execution

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diagpingadmin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system...

7.5CVSS9.7AI score0.02088EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 1:15 a.m.17 views

Cross site request forgery (csrf)

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery CSRF attack to enable syslog mode through ' /mgmlogcfg.asp.' The system starts to log events, 'Remote' mode or 'Both...

4.3CVSS6.6AI score0.00435EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/11/23 1:15 a.m.16 views

Cross site request forgery (csrf)

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...

6.8CVSS8.7AI score0.00514EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.6 views

CVE-2020-23585

A remote attacker can conduct a cross-site request forgery CSRF attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgmconfigfile.asp" because of which attacker can create a crafted "csrf for...

7.1AI score0.00514EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.6 views

CVE-2020-23586

A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to Add Network Traffic Control Type Rule...

4.8AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.32 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery CSRF attack to enable syslog mode through ' /mgmlogcfg.asp.' The system starts to log events, 'Remote' mode or 'Both...

6.6AI score0.00435EPSS
Exploits0References1
Rows per page
Query Builder