Lucene search
HongdianH8951-4g-esp Firmware
3 matches found
CVE-2023-49255
The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated on...
9.8CVSS6.7AI score0.00078EPSS
CVE-2023-49253
Root user password is hardcoded into the device and cannot be changed in the user interface.
9.8CVSS9.4AI score0.00082EPSS
CVE-2023-49262
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.
9.8CVSS9.5AI score0.00027EPSS