96 matches found
CVE-2024-5786
CVE-2024-5786 is a Cross-Site Request Forgery vulnerability reported in the Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. The issue is a CSRF flaw that could coerce an authenticated user to perform unwanted actions in the router’s web interface. The available connected r...
CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router
Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated...
CVE-2024-5785 Command injection vulnerability in Comtrend router
Command injection vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”...
CVE-2024-5785 Command injection vulnerability in Comtrend router
Command injection vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”...
Comtrend router WLD71-T1 Operating System Command Injection Vulnerability
Comtrend router WLD71-T1 is a router from China Comtrend Telecom Comtrend. An operating system command injection vulnerability exists in the Comtrend Router WLD71-T1 v2.0.201820 version, which stems from susceptibility to command injection and could allow an authenticated user to execute commands...
Comtrend router WLD71-T1 cross-site request forgery vulnerability
Comtrend router WLD71-T1 is a router from China Comtrend Telecom Comtrend. A cross-site request forgery vulnerability exists in Comtrend router WLD71-T1 version v2.0.201820, which stems from vulnerability to a cross-site request forgery attack that allows an attacker to force an end user to perfo...
CVE-2018-8062
A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...
CVE-2018-8062
A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...
Cross site scripting
A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...
CVE-2018-8062
CVE-2018-8062 affects the Comtrend AR-5387un router family (firmware A731-410JAZ-C04_R02.A2pD035g.d23i). The vulnerability is an XSS flaw in the WAN Service Description parameter during WAN service creation, enabling injection of arbitrary script/HTML. Public sources describe a persistent XSS var...
CVE-2018-8062
A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...
Comtrend AR-5387un Cross Site Scripting
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...
Comtrend AR-5387un router - Persistent XSS (Authenticated)
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...
Comtrend Command Injection (CVE-2020-10173)
A command injection vulnerability exists in Comtrend. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
VulnCheck KEV: CVE-2020-10173
Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...
Comtrend VR-3033 Command Injection Vulnerability
The Comtrend VR-3033 is a high power 802.11n 300Mbps single line VDSL router. The Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m suffers from a command injection vulnerability. A remote authenticated attacker could exploit this vulnerability via the ping and traceroute diagnostic pages to ta...
CVE-2020-10173
Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...
CVE-2020-10173
Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...
Command injection
Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...
CVE-2020-10173
Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi...