Greenpacket

Dx-350 Firmware

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2016-6552

  • EPSS 0.65%
  • Published 13.07.2018 20:29:00
  • Last modified 21.11.2024 02:56:20

Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.

8.8

CVE-2017-9930

Exploit
  • EPSS 0.14%
  • Published 21.07.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.

6.1

CVE-2017-9931

Exploit
  • EPSS 0.24%
  • Published 21.07.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.

9.8

CVE-2017-9932

Exploit
  • EPSS 0.44%
  • Published 21.07.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.

9.8

CVE-2017-9980

Exploit
  • EPSS 4.4%
  • Published 21.07.2017 06:29:00
  • Last modified 20.04.2025 01:37:25

In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.