CVE-2018-19612
https://notcve.org/view.php?id=CVE-2018-19612
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. La funcionalidad /uploadfile? de los enrutadores Westermo DR-250 Pre-5162 y DR-260 Pre-5162, permite usuarios remotos cargar tipos de archivos maliciosos y ejecutar códigos ASP. • https://github.com/TheWickerMan/CVE-Disclosures/blob/master/CVE-2018-19612.md https://www.westermo.us • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-19613
https://notcve.org/view.php?id=CVE-2018-19613
Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. Los enrutadores Westermo DR-250 Pre-5162 y DR-260 Pre-5162, permiten una vulnerabilidad de tipo CSRF. • https://github.com/TheWickerMan/CVE-Disclosures/blob/master/CVE-2018-19613.md https://www.westermo.us • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-19614
https://notcve.org/view.php?id=CVE-2018-19614
XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. Una vulnerabilidad XSS existe en la función /cmdexec/cmdexe?cmd= de los enrutadores Westermo DR-250 Pre-5162 y DR-260 Pre-5162. • https://github.com/TheWickerMan/CVE-Disclosures/blob/master/CVE-2018-19614.md https://www.westermo.us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •