Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.5 views

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

6.1CVSS6.4AI score0.07253EPSS
Exploits5References1
ThreatPost
ThreatPost
added 2020/04/08 6:46 p.m.76 views

Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers

A new botnet has compromised hundreds of ASUS, D-Link and Dasan Zhone routers over the past three months, as well as Internet of Things IoT devices like video recorders and thermal cameras. The botnet, called darknexus based on a string it prints in its banner, uses processes similar to previous...

10CVSS0.97136EPSS
Exploits16References13
CNVD
CNVD
added 2019/09/06 12:0 a.m.5 views

DASAN Zhone ZNID GPON 2426A EU Cross-Site Scripting Vulnerability

DASAN Zhone ZNID GPON 2426A EU is a wireless router from DASAN Korea. A cross-site scripting vulnerability exists in DASAN Zhone ZNID GPON 2426A EU S3.1.285 and earlier versions. The vulnerability stems from the lack of proper validation of client data by the WEB application. An attacker can...

6.1CVSS6.4AI score0.07253EPSS
Exploits5References1
NVD
NVD
added 2019/09/05 2:15 p.m.29 views

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

6.1CVSS6.1AI score0.07253EPSS
Exploits5References4
OSV
OSV
added 2019/09/05 2:15 p.m.5 views

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

6.1CVSS6.5AI score0.07253EPSS
Exploits5References4
Prion
Prion
added 2019/09/05 2:15 p.m.16 views

Cross site scripting

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

4.3CVSS6AI score0.07253EPSS
Exploits5References4Affected Software1
CVE
CVE
added 2019/09/05 1:23 p.m.79 views

CVE-2019-10677

CVE-2019-10677 affects DASAN Zhone ZNID GPON 2426A EU (S3.1.285 and earlier). The flaw is a lack of proper validation/sanitization in the web interface, enabling Cross-Site Scripting via unsanitized GET parameters: /zhndnsdisplay.cmd (name) and /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). Docum...

6.1CVSS6.1AI score0.07253EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2019/09/05 1:23 p.m.32 views

CVE-2019-10677

Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...

6.1AI score0.07253EPSS
Exploits5References4
0day.today
0day.today
added 2019/09/05 12:0 a.m.53 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Vulnerabilities

Exploit for hardware platform in category web applications Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Titl...

4.3CVSS0.07253EPSS
Exploits5
exploitpack
exploitpack
added 2019/09/04 12:0 a.m.41 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit...

4.3CVSS6.2AI score0.07253EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/09/04 12:0 a.m.298 views

DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting

Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting XSS in DASAN Zhone ZNID GP...

6.4AI score0.07253EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/04 12:0 a.m.350 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting XSS in DASAN Zhone ZNID GP...

6.1CVSS6.5AI score0.07253EPSS
Exploits5
The Hacker News
The Hacker News
added 2018/05/23 9:15 a.m.3 views

Hackers are exploiting a new zero-day flaw in GPON routers

Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild. Security researchers from...

9.8CVSS8.3AI score0.99948EPSS
Exploits10
The Hacker News
The Hacker News
added 2018/05/23 9:15 a.m.306 views

Hackers are exploiting a new zero-day flaw in GPON routers

Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild. Security researchers from...

9.8CVSS10AI score0.99948EPSS
Exploits10
Rows per page
Query Builder