
CVE-2019-20074
https://notcve.org/view.php?id=CVE-2019-20074
29 Dec 2019 — On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. • https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se • CWE-269: Improper Privilege Management

CVE-2019-20075
https://notcve.org/view.php?id=CVE-2019-20075
29 Dec 2019 — On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). • https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-20076
https://notcve.org/view.php?id=CVE-2019-20076
29 Dec 2019 — On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). • https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-8985
https://notcve.org/view.php?id=CVE-2019-8985
21 Feb 2019 — On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. • https://github.com/Squirre17/CVE-2019-8985 • CWE-306: Missing Authentication for Critical Function • CWE-787: Out-of-bounds Write

CVE-2018-6391
https://notcve.org/view.php?id=CVE-2018-6391
29 Jan 2018 — A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. • https://0day.today/exploit/29659 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-5967
https://notcve.org/view.php?id=CVE-2018-5967
25 Jan 2018 — Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. • https://packetstormsecurity.com/files/145513/Netis-WF2419-HTML-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-6190 – Netis WF2419 Router - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-6190
24 Jan 2018 — Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. • https://www.exploit-db.com/exploits/43981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')