CVE-2020-16210 – Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
https://notcve.org/view.php?id=CVE-2020-16210
The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross-site request forgery, hidden shell interface, cross-site scripting, and BusyBox vulnerabilities.
• http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
• http://seclists.org/fulldisclosure/2020/Sep/6
• https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-16208 – Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
https://notcve.org/view.php?id=CVE-2020-16208
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross-site request forgery, hidden shell interface, cross-site scripting, and BusyBox vulnerabilities.
• http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
• http://seclists.org/fulldisclosure/2020/Sep/6
• https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-16206 – Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
https://notcve.org/view.php?id=CVE-2020-16206
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
Red Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross-site request forgery, hidden shell interface, cross-site scripting, and BusyBox vulnerabilities.
• http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
• http://seclists.org/fulldisclosure/2020/Sep/6
• https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10984 – Red Lion Crimson CD3 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-10984
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CD3 files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer.
• https://www.us-cert.gov/ics/advisories/icsa-19-248-01
• CWE-465: Pointer Issues
CVE-2019-10978 – Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-10978
Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of CD31 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.
• https://www.us-cert.gov/ics/advisories/icsa-19-248-01
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer