Filtered by vendor Comtechtel
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7244 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
CVE-2020-7243 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
CVE-2020-7242 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-24 | 9.0 HIGH | 7.2 HIGH |
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
CVE-2020-5179 | 1 Comtechtel | 2 Stampede Fx-1010, Stampede Fx-1010 Firmware | 2020-01-13 | 9.0 HIGH | 7.2 HIGH |
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) | |||||
CVE-2019-17667 | 1 Comtechtel | 2 H8 Heights Remote Gateway, H8 Heights Remote Gateway Firmware | 2020-01-10 | 3.5 LOW | 5.4 MEDIUM |
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. |