CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20645
https://notcve.org/view.php?id=CVE-2021-20645
12 Feb 2021 — Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en ELECOM WRC-300FEBK-A, permite a los atacantes autenticados remotamente inyectar script arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20646
https://notcve.org/view.php?id=CVE-2021-20646
12 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en ELECOM WRC-300FEBK-A, permite a atacantes remotos secuestrar la autenticación de los administradores y ejecutar una petición arbitraria por medio de un vector no e... • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •