CVE-2021-25327

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery CSRF vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting XSS...

Cross site request forgery (csrf)

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery CSRF vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting XSS...

Crestron Multiple Products CTP Console ROUTEADD Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ROUTEADD command of the CTP console. The issue results from the...