VYPR

PRC2402M

by PROLiNK

CVEs (5)

  • CVE-2021-35402CriFeb 20, 2026
    risk 0.65cvss 10.0epss 0.01

    PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).

  • CVE-2021-36707CriAug 6, 2021
    risk 0.64cvss 9.8epss 0.03

    In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.

  • CVE-2021-36706CriAug 6, 2021
    risk 0.64cvss 9.8epss 0.03

    In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system.

  • CVE-2021-36705CriAug 6, 2021
    risk 0.64cvss 9.8epss 0.03

    In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system.

  • CVE-2021-36708HigAug 6, 2021
    risk 0.49cvss 7.5epss 0.01

    In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router.