Vulnerabilities > Direct Request ('Forced Browsing')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-27 | CVE-2019-12583 | Forced Browsing vulnerability in Zyxel products Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator. | 9.1 |
| 2019-06-20 | CVE-2019-1899 | Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. | 5.3 |
| 2019-06-20 | CVE-2019-1898 | Forced Browsing vulnerability in Cisco Rv110W Firmware, Rv130W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. | 5.3 |
| 2019-04-30 | CVE-2019-3934 | Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. | 5.3 |
| 2019-04-30 | CVE-2019-3933 | Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. | 5.3 |
| 2019-04-11 | CVE-2019-3916 | Forced Browsing vulnerability in Verizon Fios Quantum Gateway G1100 Firmware 02.01.00.05 Information disclosure vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an remote, unauthenticated attacker to retrieve the value of the password salt by simply requesting an API URL in a web browser (e.g. | 7.5 |
| 2019-03-21 | CVE-2018-18862 | Forced Browsing vulnerability in BMC Remedy Action Request System and Remedy Mid-Tier BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has Incorrect Access Control in ITAM forms, as demonstrated by TLS%3APLR-Configuration+Details/Default+Admin+View/, AST%3AARServerConnection/Default+Admin+View/, and AR+System+Administration%3A+Server+Information/Default+Admin+View/. | 8.8 |
| 2019-03-05 | CVE-2019-3917 | Forced Browsing vulnerability in Nokia I-240W-Q Gpon ONT Firmware 3Fe54567Bozj19 The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. | 7.5 |
| 2019-03-04 | CVE-2019-9552 | Forced Browsing vulnerability in Eloan Project Eloan 20180920/3.0 Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI. | 9.8 |
| 2019-02-28 | CVE-2019-6551 | Forced Browsing vulnerability in Pangea-Comm FAX ATA 3.1.8 Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. | 7.5 |