
CVE-2024-40113
https://notcve.org/view.php?id=CVE-2024-40113
02 Jun 2025 — Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials. Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 y anteriores es vulnerable al uso de credenciales predeterminadas. • http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads • CWE-1392: Use of Default Credentials •

CVE-2024-40112
https://notcve.org/view.php?id=CVE-2024-40112
02 Jun 2025 — A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information. Existe una vulnerabilidad de inclusión de archivos locales (LFI) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y versiones anteriores, que permite a un atacante manipular la cookie de idioma para incluir arch... • http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •

CVE-2024-40114
https://notcve.org/view.php?id=CVE-2024-40114
02 Jun 2025 — A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. Una vulnerabilidad de cross-site-scripting (XSS) en Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 y anteriores permite a un atacante manipular la cookie de idioma para inyectar código JavaScript malicioso. • http://www.sitecomlearningcentre.com/products/wlx-2006v1001/wi-fi-range-extender-n300/downloads • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-6786
https://notcve.org/view.php?id=CVE-2013-6786
16 Jan 2014 — Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sou... • http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-1922 – Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1922
24 Jan 2013 — Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/f... • https://www.exploit-db.com/exploits/18651 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2012-1921 – Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1921
26 Aug 2012 — Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en goform/admin/formWlEncrypt en Sitecom WLM-2501 permite a atacantes remotos secuestrar la autenticación de los administradores de las peticiones que cambian la contraseña del router a través del... • https://www.exploit-db.com/exploits/18651 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2011-4503
https://notcve.org/view.php?id=CVE-2011-4503
22 Nov 2011 — The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. La implementación de UPnP IGD en Broadcom Linux en el Sitecom WL-111, permite a atacantes remotos establecer mapas de puertos de su elección enviando una acción UPnP AddPortMapping en una petición SOAP al interfaz WAN, relacionado con una vulnerabilida... • http://www.kb.cert.org/vuls/id/357851 • CWE-16: Configuration •

CVE-2011-4501
https://notcve.org/view.php?id=CVE-2011-4501
22 Nov 2011 — The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. La implementación de UPnP IGD en Edimax EdiLin... • http://www.kb.cert.org/vuls/id/357851 • CWE-16: Configuration •

CVE-2011-4502
https://notcve.org/view.php?id=CVE-2011-4502
22 Nov 2011 — The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. La implementación de UPnP IGD en Edimax EdiLinux en el Edimax BR-6104K con firmware anterior a v3.25 Edimax 6114Wg, Canyon-Tech CN-WF512 con firmware anterior... • http://www.kb.cert.org/vuls/id/357851 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2006-2560
https://notcve.org/view.php?id=CVE-2006-2560
24 May 2006 — Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. • http://secunia.com/advisories/20183 • CWE-264: Permissions, Privileges, and Access Controls •