|
201021
|
4.8 |
MEDIUM
Network
|
elecom
|
wrc-300febk-s_firmware
|
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command …
|
CWE-295
Improper Certificate Validation
|
CVE-2021-20649
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201022
|
6.8 |
MEDIUM
Adjacent
|
elecom
|
wrc-300febk-s_firmware
|
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2021-20648
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201023
|
6.5 |
MEDIUM
Network
|
elecom
|
wrc-300febk-s_firmware
|
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.…
|
CWE-352
Origin Validation Error
|
CVE-2021-20647
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201024
|
6.5 |
MEDIUM
Network
|
elecom
|
wrc-300febk-a_firmware
|
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.…
|
CWE-352
Origin Validation Error
|
CVE-2021-20646
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201025
|
5.4 |
MEDIUM
Network
|
elecom
|
wrc-300febk-a_firmware
|
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20645
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201026
|
6.1 |
MEDIUM
Network
|
elecom
|
wrc-1467ghbk-a_firmware
|
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.
|
CWE-74
Injection
|
CVE-2021-20644
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201027
|
7.5 |
HIGH
Network
|
elecom
|
ld-ps\/u1_firmware
|
Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.
|
NVD-CWE-Other
|
CVE-2021-20643
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201028
|
6.5 |
MEDIUM
Network
|
logitech
|
lan-w300n\/rs_firmware
|
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
|
NVD-CWE-Other
|
CVE-2021-20642
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201029
|
6.5 |
MEDIUM
Network
|
logitech
|
lan-w300n\/rs_firmware
|
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended ope…
|
CWE-352
Origin Validation Error
|
CVE-2021-20641
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201030
|
6.8 |
MEDIUM
Adjacent
|
logitech
|
lan-w300n\/pgrb_firmware
|
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.
|
CWE-120
Classic Buffer Overflow
|
CVE-2021-20640
|
2024-11-21 14:46 |
2021-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
