Page 2 of 8 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-9932

https://notcve.org/view.php?id=CVE-2017-9932

Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. Green Packet DX-350 versión de Firmware v2.8.9.5-g1.4.8-atheeb, tiene una contraseña de administrador por defecto para la cuenta de administrador. • https://iscouncil.blogspot.com/2017/07/authentication-bypass-in-green-packet.html • CWE-798: Use of Hard-coded Credentials •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2017-9931

https://notcve.org/view.php?id=CVE-2017-9931

Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. Se presenta un problema de tipo Cross-Site Scripting (XSS) en Green Packet DX-350 versión de Firmware v2.8.9.5-g1.4.8-atheeb, como es demostrado por el parámetro action en el archivo ajax.cgi. • https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-cross.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 1

CVE-2017-3216

https://notcve.org/view.php?id=CVE-2017-3216

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. Los routers WiMAX basados en MediaTek SDK (libmtk) que emplean un plugin httpd personalizado son vulnerables a una omisión de autenticación. Esto permite que un atacante remoto no autenticado obtenga acceso de administrador al dispositivo realizando un cambio de contraseña de administrador en el dispositivo mediante una petición POST manipulada. • http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html http://www.kb.cert.org/vuls/id/350135 https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt • CWE-306: Missing Authentication for Critical Function •