In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.
4.3CVSS
4.8AI Score
0.001EPSS
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the βwan_typeβ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection.
6.5CVSS
6.5AI Score
0.001EPSS
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.
5.4CVSS
5.6AI Score
0.001EPSS