ASKEY
Products
8- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15357 | Cri | 0.64 | 9.8 | 0.04 | Dec 11, 2020 | Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | ||
| CVE-2020-26201 | Cri | 0.64 | 9.8 | 0.02 | Dec 10, 2020 | Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH. | ||
| CVE-2020-8614 | Cri | 0.64 | 9.8 | 0.03 | Feb 13, 2020 | An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. | ||
| CVE-2019-12489 | Cri | 0.64 | 9.8 | 0.06 | Nov 26, 2019 | An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter. | ||
| CVE-2020-28695 | Hig | 0.57 | 8.8 | 0.02 | Mar 26, 2021 | Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | ||
| CVE-2022-47040 | Hig | 0.51 | 7.8 | 0.00 | Jan 26, 2023 | An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80. | ||
| CVE-2021-27404 | Med | 0.40 | 6.1 | 0.01 | Feb 19, 2021 | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | ||
| CVE-2021-27403 | Med | 0.40 | 6.1 | 0.01 | Feb 19, 2021 | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. | ||
| CVE-2020-15023 | Med | 0.38 | 5.9 | 0.02 | Dec 11, 2020 | Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt,… |
- risk 0.64cvss 9.8epss 0.04
Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.
- risk 0.64cvss 9.8epss 0.02
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188.
- risk 0.64cvss 9.8epss 0.06
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
- risk 0.57cvss 8.8epss 0.02
Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root.
- risk 0.51cvss 7.8epss 0.00
An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.
- risk 0.40cvss 6.1epss 0.01
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
- risk 0.40cvss 6.1epss 0.01
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
- risk 0.38cvss 5.9epss 0.02
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt,…