BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.
7.5CVSS
7.5AI Score
0.022EPSS
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.
5.3CVSS
5.3AI Score
0.001EPSS
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.
9.8CVSS
9.8AI Score
0.069EPSS