VYPR
Vendor

IQrouter

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2020-11967CriApr 21, 2020
    risk 0.64cvss 9.8epss 0.03

    In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial…

  • CVE-2020-11966CriApr 21, 2020
    risk 0.64cvss 9.8epss 0.03

    In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial…

  • CVE-2020-11965CriApr 21, 2020
    risk 0.64cvss 9.8epss 0.02

    In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has…

  • CVE-2020-11963CriApr 21, 2020
    risk 0.64cvss 9.8epss 0.03

    IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced…

  • CVE-2020-11968HigApr 21, 2020
    risk 0.49cvss 7.5epss 0.03

    In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a…