Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20074 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | |||||
| CVE-2019-20075 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | |||||
| CVE-2019-20071 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 5.8 MEDIUM | 6.5 MEDIUM |
| On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | |||||
| CVE-2019-20076 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | |||||
| CVE-2019-20070 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | |||||
| CVE-2019-20072 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | |||||
| CVE-2019-20073 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2020-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | |||||