Vulnerabilities (CVE)

Filtered by vendor Netis-systems Subscribe
Total 49 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20074 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.0 MEDIUM 8.8 HIGH
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
CVE-2019-20073 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
CVE-2019-20072 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
CVE-2019-20071 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 5.8 MEDIUM 6.5 MEDIUM
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
CVE-2019-20070 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
CVE-2018-6391 1 Netis-systems 2 Wf2419, Wf2419 Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.
CVE-2018-6190 1 Netis-systems 2 Wf2419, Wf2419 Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
CVE-2018-5967 1 Netis-systems 2 Wf2419, Wf2419 Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.
CVE-2018-25069 1 Netis-systems 2 Netcore Router, Netcore Router Firmware 2024-11-21 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability.