CVE-2023-37482
- EPSS 0.05%
- Published 11.02.2025 11:15:11
- Last modified 11.02.2025 11:15:11
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
CVE-2024-46886
- EPSS 0.07%
- Published 08.10.2024 09:15:16
- Last modified 10.10.2024 12:56:30
The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate user to an attacker-chosen URL. For a successful exploit, the legitimate ...
CVE-2024-46887
- EPSS 0.12%
- Published 08.10.2024 09:15:16
- Last modified 08.04.2025 21:15:46
The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and configured maximum cycle t...