Westermo DR-250, DR-260 and MR-260 Cross-site Scripting (CVE-2018-19614)

XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

CVE-2018-19612

The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code...

Code injection

The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code...

CVE-2018-19612

The CVE-2018-19612 issue affects Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers, where the /uploadfile? feature allows remote attackers to upload malicious file types and execute ASP code. The vulnerability originates from the upload functionality, enabling unauthenticated or unauthenticate...

CVE-2018-19613

The CVE-2018-19613 entry covers CSRF in Westermo DR-250 Pre-5162, DR-260 Pre-5162, and MR-260 devices. Public sources in the connected documents confirm the vulnerability exists in these routers; no root-cause or patch details are provided in the supplied materials. The records indicate cross-sit...

Westermo DR-260, DR-250 and MR-260 Cross-Site Request Forgery Vulnerabilities

Westermo DR-260 and others are products of the Swedish company Westermo.Westermo DR-260 is a DSL router.Westermo DR-250 is a DSL router.Westermo MR-260 is a 3G multimedia router.Westermo MR-260 is a 3G multimedia router.Westermo MR-260 is a 3G multimedia router.Westermo MR-260 is a 3G multimedia...

CVE-2018-19614

XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers...

Cross site scripting

XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers...

CVE-2018-19614

XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers...

CVE-2018-19614

Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers are affected by a Cross‑Site Scripting (XSS) vulnerability in the web UI path /cmdexec/cmdexe?cmd=, arising from insufficient validation of client data in the web application. The issue can allow an attacker to inject and execute client‑side co...