VYPR

DiREX-Pro

by BWA

CVEs (3)

  • CVE-2020-10250CriMar 9, 2020
    risk 0.64cvss 9.8epss 0.03

    BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.

  • CVE-2020-10248HigMar 9, 2020
    risk 0.49cvss 7.5epss 0.01

    BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.

  • CVE-2020-10249MedMar 9, 2020
    risk 0.35cvss 5.3epss 0.01

    BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.