DL4323
by Netis
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-20070 | 0.00 | — | 0.01 | Dec 29, 2019 | On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | |||
| CVE-2019-20071 | 0.00 | — | 0.01 | Dec 29, 2019 | On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | |||
| CVE-2019-20072 | 0.00 | — | 0.01 | Dec 29, 2019 | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | |||
| CVE-2019-20073 | 0.00 | — | 0.01 | Dec 29, 2019 | On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | |||
| CVE-2019-20074 | 0.00 | — | 0.01 | Dec 29, 2019 | On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | |||
| CVE-2019-20075 | 0.00 | — | 0.01 | Dec 29, 2019 | On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | |||
| CVE-2019-20076 | 0.00 | — | 0.01 | Dec 29, 2019 | On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). |
- CVE-2019-20070Dec 29, 2019risk 0.00cvss —epss 0.01
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
- CVE-2019-20071Dec 29, 2019risk 0.00cvss —epss 0.01
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
- CVE-2019-20072Dec 29, 2019risk 0.00cvss —epss 0.01
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
- CVE-2019-20073Dec 29, 2019risk 0.00cvss —epss 0.01
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
- CVE-2019-20074Dec 29, 2019risk 0.00cvss —epss 0.01
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
- CVE-2019-20075Dec 29, 2019risk 0.00cvss —epss 0.01
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
- CVE-2019-20076Dec 29, 2019risk 0.00cvss —epss 0.01
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).