40 matches found
CVE-2018-25151
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
CVE-2018-25152 Ecessa Edge EV150 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/plweb.cgi/utilconfigloginact endpoint to add...
CVE-2018-25152 Ecessa Edge EV150 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/plweb.cgi/utilconfigloginact endpoint to add...
CVE-2018-25151 Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
CVE-2018-25151 Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
CVE-2018-25152
CVE-2018-25152 affects Ecessa Edge EV150 10.7.4. A cross-site request forgery allows unauthenticated attackers to add superuser accounts by crafting a page that submits to /cgi-bin/pl_web.cgi/util_configlogin_act. The connected sources confirm the vulnerable component, the endpoint, and the impac...
CVE-2018-25150 Ecessa ShieldLink SL175EHQ 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...
CVE-2018-25150 Ecessa ShieldLink SL175EHQ 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...
Ecessa ShieldLink SL175EHQ 跨站请求伪造漏洞
Ecessa ShieldLink SL175EHQ is a multilink load balancing gateway from Ecessa USA. A cross-site request forgery vulnerability exists in Ecessa ShieldLink SL175EHQ version 10.7.4, which stems from susceptibility to a cross-site request forgery attack that could lead to the creation of an...
PT-2025-53370
Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator...
PT-2025-53371
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an...
Ecessa WANWorx WVR-30 跨站请求伪造漏洞
The Ecessa WANWorx WVR-30 is a software-defined WAN appliance from Ecessa Corporation, USA. A cross-site request forgery vulnerability exists in the Ecessa WANWorx WVR-30 versions prior to 10.7.4, which stems from susceptibility to a cross-site request forgery attack that could lead to the...
PT-2025-53372
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/pl web.cgi/util configlogin act endpoint to...
Ecessa Edge EV150 跨站请求伪造漏洞
Ecessa Edge EV150 is a multilink load balancer from Ecessa USA. A cross-site request forgery vulnerability exists in Ecessa Edge EV150 version 10.7.4, which stems from vulnerability to a cross-site request forgery attack that could lead to the creation of an administrator account...
EUVD-2018-4982
Malware in sbrugna...
Ecessa ShieldLink Detection (SNMP)
Checks if the target is an Ecessa ShieldLink or PowerLink device, and, if so, retrieves the version using SNMP. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Ecessa ShieldLink / PowerLink Detection Consolidation
Consolidation of Ecessa ShieldLink or PowerLink detections. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Ecessa ShieldLink/PowerLink Detection (Telnet)
Checks if the target is an Ecessa ShieldLink or PowerLink device, and, if so, retrieves the version using Telnet. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
ECESSA ShieldLink SL175EHQ Cross-Site Request Forgery Vulnerability
ECESSA ShieldLink SL175EHQ is a WAN link controller from ECESSA, which includes ISP/WAN link aggregation, load balancing and traffic monitoring. A cross-site request forgery vulnerability exists in ECESSA ShieldLink SL175EHQ version 10.7.4. A remote attacker can exploit this vulnerability to add ...
CVE-2018-13032
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/plweb.cgi/utilconfigloginact URI...