VYPR
Vendor

ASKEY

Products
8
CVEs
9
Across products
10
Status
Private

Products

8

Recent CVEs

9
  • CVE-2020-15357CriDec 11, 2020
    risk 0.64cvss 9.8epss 0.04

    Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.

  • CVE-2020-26201CriDec 10, 2020
    risk 0.64cvss 9.8epss 0.02

    Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.

  • CVE-2020-8614CriFeb 13, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188.

  • CVE-2019-12489CriNov 26, 2019
    risk 0.64cvss 9.8epss 0.06

    An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.

  • CVE-2020-28695HigMar 26, 2021
    risk 0.57cvss 8.8epss 0.02

    Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root.

  • CVE-2022-47040HigJan 26, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.

  • CVE-2021-27404MedFeb 19, 2021
    risk 0.40cvss 6.1epss 0.01

    Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.

  • CVE-2021-27403MedFeb 19, 2021
    risk 0.40cvss 6.1epss 0.01

    Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.

  • CVE-2020-15023MedDec 11, 2020
    risk 0.38cvss 5.9epss 0.02

    Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt,…