|
267921
|
8.8 |
HIGH
Network
|
readynet_solutions
|
wrt300n-dd_firmware
|
Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2015-7281
|
2024-11-21 11:36 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267922
|
9.8 |
CRITICAL
Network
|
readynet_solutions
|
wrt300n-dd_firmware
|
The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative priv…
|
CWE-255
Credentials Management
|
CVE-2015-7280
|
2024-11-21 11:36 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267923
|
5.3 |
MEDIUM
Network
|
ampedwireless
|
r10000_firmware
|
Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses b…
|
NVD-CWE-Other
|
CVE-2015-7279
|
2024-11-21 11:36 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267924
|
8.8 |
HIGH
Network
|
ampedwireless
|
r10000_firmware
|
Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2015-7278
|
2024-11-21 11:36 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267925
|
9.8 |
CRITICAL
Network
|
ampedwireless
|
r10000_firmware
|
The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative …
|
CWE-255
Credentials Management
|
CVE-2015-7277
|
2024-11-21 11:36 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267926
|
6.1 |
MEDIUM
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the error…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7252
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267927
|
9.8 |
CRITICAL
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
|
CWE-255
Credentials Management
|
CVE-2015-7251
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267928
|
7.5 |
HIGH
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getp…
|
CWE-22
Path Traversal
|
CVE-2015-7250
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267929
|
4.9 |
MEDIUM
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7249
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267930
|
7.5 |
HIGH
Network
|
zte
|
zxhn_h108n_r1a_firmware
|
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability…
|
CWE-200
Information Exposure
|
CVE-2015-7248
|
2024-11-21 11:36 |
2015-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
