Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10248 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3. | |||||
CVE-2020-10249 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. | |||||
CVE-2020-10250 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2020-03-10 | 10.0 HIGH | 9.8 CRITICAL |
BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. |