3 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. Los dispositivos de repetidores inalámbricos Intelbras NPLUG 1.0.0.14 no tienen protección de tokens Cross-Site Request Forgery (CSRF) en la interfaz web, lo que permite que los atacantes realicen acciones como el cambio del SSID inalámbrico, reiniciar el dispositivo, editar listas de control de acceso o activar el acceso remoto. NPLUG Wireless Repeater version 1.0.0.14 suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities. • http://seclists.org/fulldisclosure/2018/Oct/18 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. Los dispositivos Intelbras NPLUG 1.0.0.14 tienen Cross-Site Scripting (XSS) mediante un SSID manipulado que se recibe por medio de una transmisión de red. NPLUG Wireless Repeater version 1.0.0.14 suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities. • http://seclists.org/fulldisclosure/2018/Oct/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. Los dispositivos de repetidores inalámbricos Intelbras NPLUG 1.0.0.14 tienen una vulnerabilidad crítica que permite que un atacante se autentique en la interfaz web solo empleando "admin:" como nombre de la cookie. NPLUG Wireless Repeater version 1.0.0.14 suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities. • http://seclists.org/fulldisclosure/2018/Oct/18 • CWE-287: Improper Authentication •