VYPR
Vendor

Dbltek

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2017-16934CriNov 24, 2017
    risk 0.68cvss 9.8epss 0.13

    The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp…

  • CVE-2017-20204CriOct 15, 2025
    risk 0.61cvss epss 0.01

    DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented user via a proprietary challenge–response scheme which is fundamentally flawed. Because the…

  • CVE-2022-4982HigNov 12, 2025
    risk 0.57cvss epss 0.00

    DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated…

  • CVE-2002-0680Jul 23, 2002
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a…