CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3930
https://notcve.org/view.php?id=CVE-2014-3930
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials. Lg.pl en Cistron-LG 1.01 almacena información confidencial bajo la raíz web con controles de acceso insuficientes, lo que permite a atacantes remotos obtener direcciones IP y otras credenciales de router no especificadas. • http://www.s3.eurecom.fr/cve/CVE-2014-3930.txt https://hackerone.com/reports/16330 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3926
https://notcve.org/view.php?id=CVE-2014-3926
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter. Vulnerabilidad de XSS en lg.cgi en Cougar LG 1.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través del parámetro "addr". • http://blog.talosintelligence.com/2014/09/looking-glasses-with-bacon.html https://gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9 https://github.com/Cougar/lg/issues/3 https://hackerone.com/reports/16330 https://tools.cisco.com/security/center/viewAlert.x?alertId=35685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •