Page 3 of 20 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-38579 – Westermo Lynx 206-F2G Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2023-38579

The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. El token de cross-site request forgery en la solicitud puede ser predecible o fácilmente adivinable, lo que permite a los atacantes crear una solicitud maliciosa, que podría ser activada por una víctima sin saberlo. En un ataque CSRF exitoso, el atacante podría llevar al usuario víctima a realizar una acción sin querer. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 19%CPEs: 58EXPL: 4

CVE-2020-12504 – Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

https://notcve.org/view.php?id=CVE-2020-12504

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service. Una vulnerabilidad de Autorización Inapropiada de Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528-XT (todas las versiones) e ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW versiones 1.2.3 y por debajo, presentan un servicio TFTP activo Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095. • http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.html http://seclists.org/fulldisclosure/2021/Jun/0 https://cert.vde.com/de-de/advisories/vde-2020-040 https://cert.vde.com/en-us/advisories/vde-2020-053 https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs • CWE-912: Hidden Functionality •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2020-7227

https://notcve.org/view.php?id=CVE-2020-7227

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp. Los dispositivos Westermo MRD-315 versiones 1.7.3 y 1.7.4, presentan una vulnerabilidad de divulgación de información que permite a un atacante remoto autenticado recuperar el código fuente de diferentes funciones de la aplicación web por medio de peticiones que carecen de determinados parámetros obligatorios. Esto afecta a los archivos ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp e ifaces-wls-pkt-adv.asp. • https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19612

https://notcve.org/view.php?id=CVE-2018-19612

The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. La funcionalidad /uploadfile? de los enrutadores Westermo DR-250 Pre-5162 y DR-260 Pre-5162, permite usuarios remotos cargar tipos de archivos maliciosos y ejecutar códigos ASP. • https://github.com/TheWickerMan/CVE-Disclosures/blob/master/CVE-2018-19612.md https://www.westermo.us • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-19613

https://notcve.org/view.php?id=CVE-2018-19613

Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. Los enrutadores Westermo DR-250 Pre-5162 y DR-260 Pre-5162, permiten una vulnerabilidad de tipo CSRF. • https://github.com/TheWickerMan/CVE-Disclosures/blob/master/CVE-2018-19613.md https://www.westermo.us • CWE-352: Cross-Site Request Forgery (CSRF) •