2912 matches found
CVE-2019-6961
CVE-2019-6961 concerns the RDK WebUI module (RDKB-20181217-1) where access control for non-superuser actions is only enforced for GET requests; direct AJAX/POST requests bypass filtering in header.php, allowing a logged-in user to alter privileged settings (DDNS, QoS, RIP, etc.). The vulnerabilit...
CVE-2019-6961
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations intended only for the network operator by sending an HTTP POST to the PHP backend, because the page filtering for...
CVE-2019-3411
All versions up to BDR218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components...
Information disclosure
All versions up to BDR218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components...
CVE-2019-3411
All versions up to BDR218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components...
CVE-2019-6814
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...
Authentication flaw
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...
CVE-2019-6814
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...
CVE-2019-6814
CVE-2019-6814 affects Schneider Electric Pelco Endura NET55XX Encoder families with firmware versions prior to 2.1.9.7, due to CWE-287 Improper Authentication. A remote attacker could craft a malicious request to the encoder webUI, leading to an authentication bypass impacting confidentiality, in...
Schneider Electric NET55XX Encoder Access Control Error Vulnerability
The Schneider Electric NET55XX Encoder is a video encoder from Schneider Electric France. An access control error vulnerability exists in the Schneider Electric NET55XX Encoder using firmware versions prior to 2.1.9.7. When a remote attacker sends a malicious request to the encoder webUI,...
Design/Logic Flaw
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request...
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request...
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request...
CVE-2019-11816
CVE-2019-11816 affects the WebUI of OPNsense prior to 19.1.8 and pfSense prior to 2.4.4-p3. The root cause is incorrect access control, allowing remote authenticated users to escalate privileges to administrator via a specially crafted request. Affected products: OPNsense (WebUI) and pfSense (Web...
CVE-2019-11816
Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request...
Design/Logic Flaw
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections...
CVE-2018-13993
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF...
Information disclosure
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images...
Cross site request forgery (csrf)
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF...
CVE-2018-13991
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images...