22 matches found
Cross site scripting
Cross-site scripting vulnerability in multiple FXC Inc. network devices Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Powe...
CVE-2018-0679
Cross-site scripting vulnerability in multiple FXC Inc. network devices Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Powe...
CVE-2018-0679
Cross-site scripting vulnerability in multiple FXC Inc. network devices Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Powe...
JVN#68528150: Multiple FXC network devices vulnerable to cross-site scripting
Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability CWE-79. Impact If an attacker with administrative rights logs in the Management GUI and embeds a specially crafted script, then that script may be executed on another administrator's web browser...
JVN#71329812: WL-330NUL vulnerable to cross-site request forgery
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in the management screen, unintended operations may be performed on the device. Solution Update the...
JVN#73742314: RT-AC68U vulnerable to cross-site scripting
RT-AC68U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC68U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...
JVN#33901663: RT-AC87U vulnerable to cross-site scripting
RT-AC87U provided by ASUS Japan Inc. is a wireless LAN router. RT-AC87U contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the firmware update according to the information provided by the...
JVN#15201064: Multiple vulnerabilities in CG-WGR1200
CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#74871939: WSR-300HP vulnerable to arbitrary code execution
WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability. Impact By executing a specially crafted request prepared by a remote attacker, arbitrary code may be executed. Solution Update the Firmware Apply the firmware update accordin...
JVN#05340005: WCR-1166DS vulnerable to OS command injection
WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Impact A user who can access the administrative console of the device may execute an arbitrary OS command. Solution Update the Firmware Apply the firmware update accordin...
JVN#01312667: Multiple vulnerabilities in I-O DATA WN-AX1167GR
WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below. Hard-coded credentials CWE-798 - CVE-2017-2280 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
JVN#24348065: Multiple vulnerabilities in HOME SPOT CUBE2
HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains multiple vulnerabilities listed below. OS command injection in Clock Settings CWE-78 - CVE-2017-2183 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score...
JVN#01537659: WN-AC1167GR vulnerable to cross-site scripting
WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability CWE-79. Impact If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. Solution Update the Firmware...
JVN#92237169: CG-WLR300NX vulnerable to cross-site scripting
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Update to the latest version of firmware according to the information...
JVN#23549283: CG-WLR300NX fails to restrict access permissions
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Impact An attacker who can access the product may perform an arbitrary operation in the product while an administrator logs in. Solution Update the Firmware Update to the latest version ...
JVN#22978346: WN-G300R Series vulnerable to cross-site scripting
WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Firmware Apply the appropriate firmware update provide...
JVN#25674893: WN-GDN/R3 Series does not limit authentication attempts
WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perform a brute...
JVN#50775659: CG-WLBARAGM may behave as an open proxy
CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy. Impact The device may be leveraged as a proxy server to conduct cyber attacks. Solution Apply a Workaround The following workaround may mitigate the affects of this...
JVN#69462495: WL-330NUL information management vulnerability
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. Impact An attacker that can access the product may obtain the WPA2-PSK passphrase. Solution Update the Firmware Update the firmware to the latest version according to th...
JVN#34489380: WL-330NUL vulnerable to remote command execution
WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. Impact An attacker that can access the product may execute an arbitrary command with administrative privileges. Solution Update the Firmware Update the firmware to...