19 matches found
EUVD-2017-4147
Malware in sbrugna...
EUVD-2021-8039
Malicious code in bioql PyPI...
EUVD-2021-8040
Malicious code in bioql PyPI...
CVE-2023-3332
CVE-2023-3332 affects NEC Aterm models (WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N, WR8170N). Root cause: Improper Neutralization of Input During Web Page Generation. Impact: enables an att...
CVE-2023-3331
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a...
CVE-2021-20622
Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...
CVE-2021-20621
Cross-site request forgery CSRF vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2021-20621
Cross-site request forgery CSRF vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...
Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2
Overview Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2 provided by NEC Corporation contain multiple vulnerabilities. Aterm WF800HP: Cross-site Scripting CWE-79 - CVE-2021-20620 Aterm WG2600HP and Aterm WG2600HP2: Improper Access Control CWE-284 - CVE-2017-12575 Cross-Site Request Forgery...
JVN#38248512: Multiple vulnerabilities in Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2
Aterm WF800HP, Aterm WG2600HP, and Aterm WG2600HP2 provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF800HP: Cross-site Scripting CWE-79 - CVE-2021-20620 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS...
Cross-Site Request Forgery Vulnerability in Multiple NEC Aterm Products
The NEC Aterm WG2600HP and others are a wireless router from NEC Corporation of Japan. A cross-site request forgery vulnerability exists in multiple Aterm products, which originates from a WEB application that does not adequately verify that a request is from a trusted user. An attacker could...
Cross-Site Scripting Vulnerability in Multiple NEC Aterm Products
The NEC Aterm WG2600HP and others are a wireless router from NEC Corporation of Japan. A cross-site scripting vulnerability exists in multiple Aterm products, which stems from a lack of proper validation of client-side data by the WEB application. The vulnerability can be exploited by an attacker...
Cross-Site Scripting Vulnerability in Multiple NEC Aterm Products
The NEC Aterm WG2600HP and others are a wireless router from NEC Corporation of Japan. A cross-site scripting vulnerability exists in multiple Aterm products, which stems from a lack of proper validation of client-side data by the WEB application. The vulnerability can be exploited by an attacker...
NEC Aterm WG2600HP2 Incorrect Access Control Vulnerability
NEC Aterm WG2600HP2 wireless LAN router is prone to an incorrect access control vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...
Authentication flaw
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmwar...
CVE-2017-12575
CVE-2017-12575 affects NEC Aterm WG2600HP2 (and related WG2600HP variants). Connected sources describe an improper access control issue where web service APIs for the device configuration do not require authentication, allowing an attacker to retrieve sensitive data (e.g., DHCP clients, firmware ...
CVE-2017-12575
An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmwar...
NEC Aterm WG2600HP2 Information Disclosure Vulnerability
The WG2600HP2 is a router product from NEC. The NEC Aterm WG2600HP2 has an information disclosure vulnerability that could allow an attacker to retrieve the DHCP client by sending a crafted HTTP request...