Sitecom
Products
6- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1922 | 0.03 | — | 0.01 | Jan 24, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port… | |||
| CVE-2012-1921 | 0.03 | — | 0.01 | Aug 26, 2012 | Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter. | |||
| CVE-2024-40114 | 0.00 | — | 0.00 | Jun 2, 2025 | A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. | |||
| CVE-2024-40112 | 0.00 | — | 0.00 | Jun 2, 2025 | A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose… | |||
| CVE-2024-40113 | 0.00 | — | 0.00 | Jun 2, 2025 | Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials. | |||
| CVE-2013-6786 | 0.00 | — | 0.02 | Jan 16, 2014 | Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote… | |||
| CVE-2011-4503 | 0.00 | — | 0.02 | Nov 22, 2011 | The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||
| CVE-2011-4502 | 0.00 | — | 0.06 | Nov 22, 2011 | The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15… | |||
| CVE-2011-4501 | 0.00 | — | 0.04 | Nov 22, 2011 | The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15… | |||
| CVE-2006-2560 | 0.00 | — | 0.02 | May 24, 2006 | Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary… |
- CVE-2012-1922Jan 24, 2013risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port…
- CVE-2012-1921Aug 26, 2012risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter.
- CVE-2024-40114Jun 2, 2025risk 0.00cvss —epss 0.00
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
- CVE-2024-40112Jun 2, 2025risk 0.00cvss —epss 0.00
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose…
- CVE-2024-40113Jun 2, 2025risk 0.00cvss —epss 0.00
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
- CVE-2013-6786Jan 16, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote…
- CVE-2011-4503Nov 22, 2011risk 0.00cvss —epss 0.02
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
- CVE-2011-4502Nov 22, 2011risk 0.00cvss —epss 0.06
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15…
- CVE-2011-4501Nov 22, 2011risk 0.00cvss —epss 0.04
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15…
- CVE-2006-2560May 24, 2006risk 0.00cvss —epss 0.02
Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary…