GL-AR750S-Ext
by Gl Inet
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33620 | 0.00 | — | 0.01 | Jun 13, 2023 | GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | |||
| CVE-2023-33621 | 0.00 | — | 0.01 | Jun 13, 2023 | GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session… |
- CVE-2023-33620Jun 13, 2023risk 0.00cvss —epss 0.01
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.
- CVE-2023-33621Jun 13, 2023risk 0.00cvss —epss 0.01
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or access logs, potentially allowing attackers to bypass authentication via session…