A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allowmodified firmware to be uploaded when an authorized admin user begins a firmware updateprocedure which could result in full control over the device.
7.2CVSS
5.2AI Score
0.0005EPSS
A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerabilityexists that could cause compromise of a userβs browser when an attacker with admin privilegeshas modified system values.
4.8CVSS
5.1AI Score
0.0004EPSS