Vulnerabilities > Beeline

DATE CVE VULNERABILITY TITLE RISK
2021-11-10 CVE-2021-41426 Cross-Site Request Forgery (CSRF) vulnerability in Beeline Smart BOX Firmware 2.0.38
Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.
network
low complexity
beeline CWE-352
8.8
2021-11-10 CVE-2021-41427 Cross-site Scripting vulnerability in Beeline Smart BOX Firmware 2.0.38
Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.
network
low complexity
beeline CWE-79
6.1
2020-04-29 CVE-2020-12246 OS Command Injection vulnerability in Beeline Smart BOX Firmware 2.0.38
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.
network
low complexity
beeline CWE-78
8.8
2018-07-13 CVE-2016-6564 Permissions, Privileges, and Access Controls vulnerability in multiple products
Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks.
8.1