Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/08 12:0 a.m.•33 views

JVN#09717399: Piwigo vulnerable to cross-site scripting

Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided by the developer. According to t...

4.3CVSS6.7AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/07/15 12:0 a.m.•33 views

JVN#75990997: Cybozu Garoon vulnerable to access restriction bypass

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability CWE-264. Impact Portlets may be altered by another Cybozu Garoon user. Solution Update the Software Update to the lates...

4CVSS6.2AI score0.01107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/30 12:0 a.m.•33 views

JVN#31230946: Cybozu Garoon API access restriction bypass vulnerability

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability when using APIs. Impact Users who can log in to the system may delete schedule information that they do not have permission to edit. Solution Update the Software Update to the...

6CVSS6.1AI score0.01064EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/03/17 12:0 a.m.•33 views

JVN#38227002: Unzipper vulnerable to directory traversal

Unzipper provided by R-Company contains an issue in processing file names, which may result in a directory traversal CWE-22 vulnerability. Impact A remote, unauthenticated attacker may create an arbitrary file or overwrite an existing file in a directory that the application has privileges to...

5.8CVSS6.5AI score0.01496EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/11/29 12:0 a.m.•33 views

JVN#41703192: TOWN (modified version) vulnerable to directory traversal

TOWN modified version provided by Tattyan's HP contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files on the server. Solution Apply an update Update to the latest version according to the information provided by the developer. Products Affected TOWN...

5CVSS6.6AI score0.01854EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/12 12:0 a.m.•33 views

JVN#01094166: Opera vulnerable to cross-site scripting

Opera is a web browser. Opera contains a cross-site scripting vulnerability when the page encoding settings are set to UTF-8. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an Update Update to the latest version according to the information provided by the...

4.3CVSS5.7AI score0.01788EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/08/19 12:0 a.m.•33 views

JVN#68156832: Yafuoku! contains an issue where it fails to verify SSL server certificates

Yafuoku! provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the informati...

5.8CVSS6.2AI score0.00521EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/12/14 12:0 a.m.•33 views

JVN#18731696: Welcart vulnerable to cross-site scripting

Welcart provided by Collne Inc. is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the management page of Welcart. Solution Update the software Update to the latest version according to the...

4.3CVSS5.8AI score0.01948EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/15 12:0 a.m.•33 views

JVN#53465692: baserCMS vulnerable to session management

baserCMS is an open-source Contents Management System CMS. baserCMS contains a vulnerability in session management. Impact If a web server is hosting several websites, and baserCMS are installed on the respective websites, an administrator of a baserCMS can access baserCMS instance of the other...

5.1CVSS6.2AI score0.02699EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/26 12:0 a.m.•33 views

JVN#15503729: OSQA vulnerable to cross-site scripting

OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply a patch Apply the patch according to the information provided the developer. According to the developer, this...

4.3CVSS5.8AI score0.01161EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/26 12:0 a.m.•33 views

JVN#82029095: sp mode mail issue in the verification of SSL certificates

sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Impact Since no warning is issued when connecting to a server that is using an invalid SSL server certificate, a remote attacker may be able to intercept communications. Solution Update the...

5.8CVSS6.3AI score0.00665EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/05 12:0 a.m.•33 views

JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass

e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...

10CVSS6.5AI score0.04725EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/03/05 12:0 a.m.•33 views

JVN#08871006: ES File Explorer fails to restrict access permissions

ES File Explorer provided by EStrongs Inc. is a file and application manager. ES File Explorer contains an issue where access permissions are not restricted. Impact When using a specific function, a remote attacker may obtain local files that the application has permissions to view. Solution Upda...

4.3CVSS6.3AI score0.01054EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/11 12:0 a.m.•33 views

JVN#78901873: Wibu-Systems CodeMeter Runtime vulnerable to denial-of-service

CodeMeter Runtime provided by Wibu-Systems AG contains an issue when processing TCP packets, which may lead to a denial-of-service DoS. Impact A remote attacker may be able to cause a denial-of-service DoS. Solution Update the software Update to the latest version according to the information...

5CVSS6.1AI score0.05107EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 12:0 a.m.•33 views

JVN#50227837: Touhou Hisouten vulnerable to denial-of-service

Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Impact A remote attacker may cause an unexpected application termination. Solution Apply a patch...

5CVSS6.4AI score0.01409EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/07/15 12:0 a.m.•33 views

JVN#86220950: Google Search Appliance vulnerable to cross-site scripting

Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Impact An arbitrary script may executed on the user's web browser. Solution Update the software Update to...

4.3CVSS6AI score0.00489EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/05/17 12:0 a.m.•33 views

JVN#99175647: Virus Buster 2009 key input encryption function vulnerability

The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted. Impact When input information is stolen by a key logger, portions of the information may be leaked in plaintext. Solution Updat...

2.1CVSS6.3AI score0.0023EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/01/11 12:0 a.m.•33 views

JVN#50704770: Aipo vulnerable to SQL injection

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution Update the Software Update to the latest version...

7.5CVSS7.1AI score0.01299EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/09 12:0 a.m.•33 views

JVN#48425028: Flash Player access restriction bypass vulnerability

When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed. Impact...

9.3CVSS8.1AI score0.05256EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/22 12:0 a.m.•33 views

JVN#89272705: Sleipnir and Grani may insecurely load executable files

Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain an issue with the file search path, which may insecurely load executables. Impact An attacker may...

6.9CVSS7.1AI score0.00295EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/10/21 12:0 a.m.•33 views

JVN#71138390: Apsaly may insecurely load executable files

Apsaly is a text editor that can interact with other applications. Apsaly loads certain executables when opening the folder that contains the file that is being edited, or when a particular sequence of actions are performed. Apsaly contains an issue with the file search path, which may insecurely...

6.9CVSS7.3AI score0.00283EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/04/08 12:0 a.m.•33 views

JVN#19774883 MODx vulnerable to SQL injection

MODx provided by the MODx CMS Project is a Contents Management System CMS software. MODx contains a SQL injection vulnerability. Impact A remote attacker may view or modify information stored by the product. Solution Update the Software Update to the latest version according to the information...

7.5CVSS6.9AI score0.01096EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/11/04 12:0 a.m.•33 views

JVN#72974205 Roundcube Webmail vulnerable to cross-site request forgery

Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN75694913. Impact An attacker may be able to alter the user information within Roundcube...

6.8CVSS5.6AI score0.01342EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/09/18 12:0 a.m.•33 views

JVN#65914253 Directory traversal vulnerability in multiple phpspot products

Multiple products BBS Software etc. provided by phpspot contain a directory traversal vulnerablility. Impact A remote attacker could view files on the server where the product is installed. This could lead to disclosure of contents. Solution Update the software Update to latest version according ...

5CVSS6.3AI score0.01505EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/06/24 12:0 a.m.•33 views

JVN#86472161 Movable Type cross-site scripting vulnerability

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest versio...

2.6CVSS5.8AI score0.01083EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/06/19 12:0 a.m.•33 views

JVN#12244807 Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac

PukiWikiMod from XOOPS Maniac is a contents management software for XOOPS. PukiWikiMod contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to latest version according to the information provided b...

4.3CVSS5.9AI score0.01223EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/02/26 12:0 a.m.•33 views

JVN#66905322: Apache Tomcat information disclosure vulnerability

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request. Impact A remote attacker could possibly obtain user...

2.6CVSS7.4AI score0.03914EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/01/07 12:0 a.m.•33 views

JVN#36802959 MyNETS cross-site scripting vulnerability

MyNETS from Usagi Project is an open source SNS Social Networking Service software. MyNETS contains a cross-site scripting vulnerability. Impact If a user views a specially crafted web page, an arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3CVSS5.8AI score0.01065EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2008/10/06 12:0 a.m.•33 views

JVN#92651529 Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting

Nucleus is an open source content management system provided by The Nucleus Group. Nucleus EUC-JP Japanese Edition contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the specific web browser. Solution Update the Software Apply the latest update provided b...

4.3CVSS6AI score0.0157EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/12/04 12:0 a.m.•33 views

JVN#84798830 Denial of service vulnerability in Ruby CGI library (cgi.rb)

Impact A remote attacker could possibly conduct a DoS attack on a Ruby server by sending it a specially crafted request. Solution Products Affected 1.8 series 1.8.5 and all previous versions Developer version 1.9 series 2006-12-04 and all previous versions For more information, refer to the...

5CVSS7.3AI score0.04071EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2006/08/28 12:0 a.m.•33 views

JVN#90420168: Cybozu products vulnerable to directory traversal

Impact A remote authenticated attacker could read an arbitrary file on the server. The files that can be viewed by an attacker depend on the environment where the Cybozu products are installed. Solution Products Affected Cybozu Office 6 5 1.2 and earlier Cybozu Garoon 1.5 4.0 and earlier...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2005/10/24 12:0 a.m.•33 views

JVN#77105349 XOOPS cross-site scripting vulnerability

Impact A remote attacker may upload a script to be executed by a user reading a private message or a forum article. This may allow a remote attacker to perform a session-hijacking and manipulate the screens after the user logs in. Solution Products Affected XOOPS 2.0.12 JP and earlier XOOPS...

4.3CVSS6.6AI score0.01629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/10/11 12:0 a.m.•32 views

JVN#74538317: Multiple vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N Base Score 3.8 CVE-2024-46897 Stored Cross-site Scripting CWE-79...

5.4CVSS7.2AI score0.00356EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/09/06 12:0 a.m.•32 views

JVN#32529796: Multiple products from KINGSOFT JAPAN vulnerable to path traversal

KINGSOFT JAPAN, INC. provides Kingsoft Office Software's WPS Office and its related products localized for Japan. WPS Office and its related products provided by KINGSOFT JAPAN, INC. contain a path traversal vulnerability CWE-22, CVE-2024-7262, CVE-2024-7263 due to inadequate file path validation...

9.3CVSS7.7AI score0.01773EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/26 12:0 a.m.•32 views

JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability CWE-352. Impact While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform unintended...

8.1CVSS7.9AI score0.00256EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/06/03 12:0 a.m.•32 views

JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX

UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in...

6.5CVSS6.7AI score0.00289EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2024/01/23 12:0 a.m.•32 views

JVN#96154238: Android App "Spoon" uses a hard-coded API key for an external service

Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Impact The hard-coded API key may be retrieved when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. Note that t...

5.5CVSS5.3AI score0.00163EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/12/04 12:0 a.m.•32 views

JVN#46895889: RakRak Document Plus vulnerable to path traversal

RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability CWE-22. Impact Arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges. Solution Update the Software Update the software to t...

8.8CVSS8.7AI score0.00874EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/10/16 12:0 a.m.•32 views

JVN#80476432: web2py vulnerable to OS command injection

web2py web application framework contains an OS command injection vulnerability CWE-78. Impact When web2py is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product. Solution Upda...

9.8CVSS9.6AI score0.03689EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2023/06/12 12:0 a.m.•32 views

JVN#36060509: "WPS Office" vulnerable to OS command injection

"WPS Office" which was provided by KINGSOFT JAPAN, INC. contains an OS command injection vulnerability CWE-78. Impact If a remote attacker who can conduct a man-in-the-middle attack connects the product to a malicious server and sends a specially crafted data, an arbitrary OS command may be...

8.1CVSS8.2AI score0.0106EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/23 12:0 a.m.•32 views

JVN#02158640: web2py vulnerable to open redirect

web2py contains an open redirect vulnerability CWE-601. Impact When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. Solution Update the Software Update the software to the latest version accordi...

6.1CVSS6.1AI score0.01443EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/01 12:0 a.m.•32 views

JVN#28659051: T&D Data Server and THERMO RECORDER DATA SERVER vulnerable to directory traversal

T&D Data Server and THERMO RECORDER DATA SERVER provided by T&D Corporation contain a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by a remote attacker. Solution Update the software Update the software to the latest version according to the...

7.5CVSS7.5AI score0.03234EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/02/04 12:0 a.m.•32 views

JVN#67396225: CSV+ vulnerable to cross-site scripting

CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Impact If a CSV file containing a tag is loaded and the link is clicked by the user of the software, an arbitrary script or OS command may be executed. Solution Update the Software Update...

9.6CVSS8.9AI score0.03174EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/30 12:0 a.m.•32 views

JVN#19482703: Wi-Fi STATION SH-52A vulnerable to cross-site scripting

Wi-Fi STATION SH-52A provided by NTT DOCOMO, INC. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the WebUI of the product. Solution Apply an Update Apply the update according to the information...

6.1CVSS6.1AI score0.00815EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2021/11/10 12:0 a.m.•32 views

JVN#68066589: WordPress Plugin "Booking Package - Appointment Booking Calendar System" vulnerable to cross-site scripting

WordPress Plugin "Booking Package - Appointment Booking Calendar System" provided by Saasproject contains a cross-site scripting vulnerability CWE-79 due to the flaw in handling some URL query parameters. Impact An arbitrary script may be executed on the web browser of the user who is accessing t...

6.1CVSS6AI score0.01243EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2018/02/06 12:0 a.m.•32 views

JVN#70615027: The installer of Anshin net security for Windows may insecurely load Dynamic Link Libraries

Anshin net security for Windows provided by KDDI CORPORATION is an Internet Security suite. The installer of Anshin net security for Windows contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with...

7.8CVSS7.7AI score0.00927EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/25 12:0 a.m.•32 views

JVN#41185163: Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE may insecurely load Dynamic Link Libraries

Installers of the screensavers provided by JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Impact This vulnerability can be exploited when the following condition is met. If this vulnerabilit...

9.3CVSS7.7AI score0.01427EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/12/26 12:0 a.m.•32 views

JVN#96681653: WinSparkle issue where registry value is not validated

When an application that uses WinSparkle is launched, it checks the directory used by WinSparkle for temporary files and deletes any temporary files. This directory path is specified in a registry key. In a situation where an attacker has modified the specific registry value used by this library,...

7.8CVSS7.5AI score0.02594EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/24 12:0 a.m.•32 views

JVN#55826471: WordPress plugin "Welcart e-Commerce" vulnerable to cross-site scripting

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the develope...

6.1CVSS6AI score0.01491EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/22 12:0 a.m.•32 views

JVN#75028871: CG-WLR300GNV Series does not limit authentication attempts

CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perfor...

5.3CVSS5.5AI score0.01385EPSS
Exploits0
Total number of security vulnerabilities5000