CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2020-16204 – Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
https://notcve.org/view.php?id=CVE-2020-16204
01 Sep 2020 — The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). El producto afectado es vulnerable debido a una interfaz no documentada que se encuentra en el dispositivo, lo que puede permitir a un atacante ejecutar comandos como root en el dispositivo en los dispositivos N-Tron 702-W / 702M12-W (todas las versiones) Red Lion N-Tron 702-W and 702M12-W versions 2.0.26... • http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html • CWE-912: Hidden Functionality •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2020-16210 – Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
https://notcve.org/view.php?id=CVE-2020-16210
01 Sep 2020 — The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions). El producto afectado es vulnerable a un ataque de tipo cross-site scripting reflejado, lo que puede permitir a un atacante ejecutar código arbitrario remotamente y llevar a cabo acciones en el contexto de un usuario atacado en los dispositivos N-Tron 702-W / 702M12-W (todas la... • http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-16208 – Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
https://notcve.org/view.php?id=CVE-2020-16208
01 Sep 2020 — The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). El producto afectado es vulnerable a un ataque de tipo cross-site request forgery, lo que puede permitir a un atacante modificar diferentes configuraciones de un dispositivo al convencer a un usuario autenticado a hacer clic en un enlace diseñado en los dispositivo... • http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 2CVE-2020-16206 – Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
https://notcve.org/view.php?id=CVE-2020-16206
01 Sep 2020 — The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions). El producto afectado es vulnerable a un ataque de tipo cross-site scripting almacenados, lo que puede permitir a un atacante ejecutar código arbitrario remotamente para conseguir acceso a datos confidenciales en los dispositivos N-Tron 702-W / 702M12-W (todas las versiones) Red Lion N-Tron 702-W and 7... • http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 11%CPEs: 189EXPL: 16CVE-2017-16544 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2017-16544
20 Nov 2017 — In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. En la función add_match en libbb/lineedit.c en BusyBox hasta la versión 1.27.2, la característica de autocompletar pestañas del shell, empleada para obtener una lista d... • https://packetstorm.news/files/id/167552 • CWE-94: Improper Control of Generation of Code ('Code Injection') •