CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-42658
https://notcve.org/view.php?id=CVE-2024-42658
19 Aug 2024 — An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter • https://github.com/sudo-subho/CVE-2024-42658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-42657
https://notcve.org/view.php?id=CVE-2024-42657
19 Aug 2024 — An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process • https://github.com/sudo-subho/CVE-2024-42657 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40119
https://notcve.org/view.php?id=CVE-2024-40119
17 Jul 2024 — Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover. Nepstech Wifi Router xpon (terminal) modelo NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la función de cambio de contraseña, que permite a atacantes r... • https://github.com/sudo-subho/nepstech-xpon-router-CVE-2024-40119 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37855
https://notcve.org/view.php?id=CVE-2024-37855
25 Jun 2024 — An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. Un problema en Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, la versión de hardware 1.0, firmware 2.0.1, permite a un atacante remoto ejecutar código arbitrario a través del puerto Telnet 2345 del enrutador sin requerir credenciales de autenticación. • https://github.com/sudo-subho/nepstech-xpon-router-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •