Lucene search

Comtrend Security Vulnerabilities

cve

CVE-2010-0470

Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.

5.9AI Score

0.022EPSS

2022-10-03 04:21 PM

cve

CVE-2018-20388

Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

9.8CVSS

9.4AI Score

0.005EPSS

2022-10-03 04:22 PM

cve

CVE-2018-8062

A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.

5.4CVSS

5.3AI Score

0.001EPSS

2020-10-23 05:15 AM

cve

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

8.8CVSS

9AI Score

0.426EPSS

2020-03-05 03:15 PM

In Wild