DiREX-Pro
by BWA
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10250 | Cri | 0.64 | 9.8 | 0.03 | Mar 9, 2020 | BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. | ||
| CVE-2020-10248 | Hig | 0.49 | 7.5 | 0.01 | Mar 9, 2020 | BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | ||
| CVE-2020-10249 | Med | 0.35 | 5.3 | 0.01 | Mar 9, 2020 | BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. |
- risk 0.64cvss 9.8epss 0.03
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.
- risk 0.49cvss 7.5epss 0.01
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.
- risk 0.35cvss 5.3epss 0.01
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.