
CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 1

GreenPacket OH736's WR-1200 Indoor Unit and OT-235, with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively, are vulnerable to remote command injection. Commands are executed pre-login and with root privileges, allowing complete takeover. • https://github.com/lionelmusonza/CVE-2023-26866 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. • https://www.shellcode.it/article/greenpacket-wimax • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device. • https://www.kb.cert.org/vuls/id/970379 • https://www.securityfocus.com/bid/93806 • CWE-255: Credentials Management Errors

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. • https://iscouncil.blogspot.com/2017/07/green-packet-dx-350-vulnerable-to-csrf.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 5% | CPEs: 2 | EXPL: 1

In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. • https://iscouncil.blogspot.com/2017/07/command-injection-in-green-packet-dx.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')