Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Prc2402M Firmware Security Vulnerabilities

cve
cve

CVE-2021-36705

In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.

9.8CVSS

9.6AI Score

0.029EPSS

2021-08-06 02:15 PM
34
2
cve
cve

CVE-2021-36706

In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.

9.8CVSS

9.6AI Score

0.029EPSS

2021-08-06 02:15 PM
34
2
cve
cve

CVE-2021-36707

In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.

9.8CVSS

9.6AI Score

0.314EPSS

2021-08-06 02:15 PM
34
cve
cve

CVE-2021-36708

In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.

7.5CVSS

7.5AI Score

0.003EPSS

2021-08-06 02:15 PM
35