Lucene search
K

96 matches found

CVE
CVE
added 2024/06/10 12:14 p.m.51 views

CVE-2024-5786

CVE-2024-5786 is a Cross-Site Request Forgery vulnerability reported in the Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. The issue is a CSRF flaw that could coerce an authenticated user to perform unwanted actions in the router’s web interface. The available connected r...

6.5CVSS6.5AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/10 12:14 p.m.13 views

CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router

Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated...

6.5CVSS7AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/10 12:13 p.m.12 views

CVE-2024-5785 Command injection vulnerability in Comtrend router

Command injection vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”...

8CVSS7.5AI score0.00885EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/10 12:13 p.m.24 views

CVE-2024-5785 Command injection vulnerability in Comtrend router

Command injection vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”...

8CVSS0.00885EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.7 views

Comtrend router WLD71-T1 Operating System Command Injection Vulnerability

Comtrend router WLD71-T1 is a router from China Comtrend Telecom Comtrend. An operating system command injection vulnerability exists in the Comtrend Router WLD71-T1 v2.0.201820 version, which stems from susceptibility to command injection and could allow an authenticated user to execute commands...

8CVSS7.7AI score0.00885EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.5 views

Comtrend router WLD71-T1 cross-site request forgery vulnerability

Comtrend router WLD71-T1 is a router from China Comtrend Telecom Comtrend. A cross-site request forgery vulnerability exists in Comtrend router WLD71-T1 version v2.0.201820, which stems from vulnerability to a cross-site request forgery attack that allows an attacker to force an end user to perfo...

6.5CVSS6.6AI score0.00184EPSS
Exploits0References2
NVD
NVD
added 2020/10/23 5:15 a.m.34 views

CVE-2018-8062

A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

5.4CVSS0.00954EPSS
Exploits3References1
OSV
OSV
added 2020/10/23 5:15 a.m.4 views

CVE-2018-8062

A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

5.4CVSS5.9AI score0.00954EPSS
Exploits3References1
Prion
Prion
added 2020/10/23 5:15 a.m.16 views

Cross site scripting

A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

3.5CVSS5.3AI score0.00954EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2020/10/23 4:27 a.m.78 views

CVE-2018-8062

CVE-2018-8062 affects the Comtrend AR-5387un router family (firmware A731-410JAZ-C04_R02.A2pD035g.d23i). The vulnerability is an XSS flaw in the WAN Service Description parameter during WAN service creation, enabling injection of arbitrary script/HTML. Public sources describe a persistent XSS var...

5.4CVSS5.3AI score0.00954EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2020/10/23 4:27 a.m.40 views

CVE-2018-8062

A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...

5.3AI score0.00954EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.751 views

Comtrend AR-5387un Cross Site Scripting

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...

5.6AI score0.00954EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/20 12:0 a.m.459 views

Comtrend AR-5387un router - Persistent XSS (Authenticated)

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...

5.4CVSS5.6AI score0.00954EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2020/06/08 12:0 a.m.6 views

Comtrend Command Injection (CVE-2020-10173)

A command injection vulnerability exists in Comtrend. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.8AI score0.77282EPSS
Exploits3
VulnCheck KEV
VulnCheck KEV
added 2020/05/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

9CVSS7.3AI score0.77282EPSS
Exploits3References1
CNVD
CNVD
added 2020/03/06 12:0 a.m.4 views

Comtrend VR-3033 Command Injection Vulnerability

The Comtrend VR-3033 is a high power 802.11n 300Mbps single line VDSL router. The Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m suffers from a command injection vulnerability. A remote authenticated attacker could exploit this vulnerability via the ping and traceroute diagnostic pages to ta...

9CVSS7.4AI score0.77282EPSS
Exploits3References1
NVD
NVD
added 2020/03/05 3:15 p.m.31 views

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

9CVSS9.1AI score0.77282EPSS
Exploits3References1
OSV
OSV
added 2020/03/05 3:15 p.m.5 views

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

8.8CVSS7.3AI score0.77282EPSS
Exploits3References1
Prion
Prion
added 2020/03/05 3:15 p.m.22 views

Command injection

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

9CVSS9.1AI score0.77282EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2020/03/05 2:36 p.m.35 views

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...

9.2AI score0.77282EPSS
Exploits3References1
Rows per page
Query Builder