Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): firmware
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9406 |
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. Published: December 18, 2014; 10:59:03 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-5438 |
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. Published: December 17, 2014; 1:59:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-5437 |
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. Published: December 17, 2014; 1:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-8496 |
Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack. Published: December 09, 2014; 7:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-9350 |
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. Published: December 08, 2014; 11:59:22 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4880 |
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. Published: December 08, 2014; 6:59:07 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9144 |
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). Published: December 05, 2014; 10:59:07 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9143 |
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. Published: December 05, 2014; 10:59:06 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-9142 |
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. Published: December 05, 2014; 10:59:05 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-9238 |
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) character. Published: December 03, 2014; 4:59:08 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9234 |
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. Published: December 03, 2014; 4:59:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8493 |
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. Published: November 20, 2014; 12:50:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-1635 |
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. Published: November 12, 2014; 11:55:06 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-2179 |
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. Published: November 07, 2014; 6:55:02 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-2178 |
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. Published: November 07, 2014; 6:55:02 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-2177 |
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. Published: November 07, 2014; 6:55:02 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2014-8657 |
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html. Published: November 06, 2014; 10:55:10 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8656 |
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. Published: November 06, 2014; 10:55:10 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-8655 |
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml. Published: November 06, 2014; 10:55:10 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8654 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. Published: November 06, 2014; 10:55:10 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |