Filtered by vendor Netis-systems
Subscriptions
Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26747 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2780 and 1 more | 2021-02-24 | 9.8 Critical |
| Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | ||||
| CVE-2019-8985 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2880 and 1 more | 2020-08-24 | N/A |
| On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. | ||||
| CVE-2019-20074 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-08-24 | 8.8 High |
| On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | ||||
| CVE-2020-8946 | 1 Netis-systems | 2 Wf2471, Wf2471 Firmware | 2020-02-21 | 8.8 High |
| Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. | ||||
| CVE-2019-20075 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 6.1 Medium |
| On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | ||||
| CVE-2019-20071 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 6.5 Medium |
| On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | ||||
| CVE-2019-20076 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | ||||
| CVE-2019-20070 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | ||||
| CVE-2019-20072 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | ||||
| CVE-2019-20073 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | ||||
| CVE-2018-5967 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2018-02-12 | N/A |
| Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | ||||
| CVE-2018-6190 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2018-02-09 | N/A |
| Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. | ||||