16 matches found
EUVD-2020-26939
Malware in sbrugna...
CVE-2020-5783
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms...
CVE-2020-5783
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms...
CVE-2020-5781
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...
CVE-2020-5781
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...
Design/Logic Flaw
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...
Design/Logic Flaw
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...
Cross site request forgery (csrf)
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms...
CVE-2020-5781
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file /etc/config/luci by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users...
CVE-2020-5781
Vulnerability CVE-2020-5781 affects IgniteNet HeliOS GLinq v2.2.1 r2961. The langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function; when manipulated with arbitrary JavaScript, this triggers a denial-of-service condition for all ...
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, a login action that sets the ‘wan_type’ parameter can render the WAN interface unreachable, causing a denial-of-service condition for devices relying on that connection. This is the core vulnerability described across multiple sources (NVD, Red Hat, PRION, ...
CVE-2020-5782
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wantype’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection...
CVE-2020-5783
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms...
CVE-2020-5783
CVE-2020-5783 affects IgniteNet HeliOS GLinq v2.2.1 r2961. The connected documents provide concrete detail: the login functionality lacks CSRF protection, creating a CSRF risk for authenticated sessions. No explicit exploit details, affected components beyond the login mechanism, or remediation s...