6 matches found
CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
CVE-2022-4982 DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
CVE-2022-4982
CVE-2022-4982 affects DBLTek GoIP-1 firmware up to GHSFVT-1.1-67-5, where the web server’s frame.html and frame.A100.html handlers accept a path parameter (content or sidebar) that is not properly validated or canonicalized, enabling local file inclusion via directory-traversal sequences. An atta...
CVE-2022-4982 DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
VulnCheck KEV: CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
w3m Cross-Site Scripting Vulnerability
Overview w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame. Impact An remote attacker could execute arbitrary scripts and gain access to files or cookies. Solution Please refer to the 'Vendor Information' section for official remediation...