Dr-250 Firmware Security Vulnerabilities - February

CVE-2018-19612

The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.

CVE-2018-19613

Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF.

CVE-2018-19614

XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers.