Vulnerabilities > Compal

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2019-19494 Classic Buffer Overflow vulnerability in multiple products
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser.
9.3
2019-10-28 CVE-2019-17224 Path Traversal vulnerability in Compal Ch7465Lg Firmware Ch7465Lgncip6.12.18.252P6Nosh
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory.
network
low complexity
compal CWE-22
5.0
2019-10-11 CVE-2019-17499 OS Command Injection vulnerability in Compal Ch7465Lg Firmware 6.12.18.252P4
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.
network
low complexity
compal CWE-78
critical
9.0
2019-10-02 CVE-2019-13025 Incorrect Resource Transfer Between Spheres vulnerability in Compal Ch7465Lg Firmware Ch7465Lgncip6.12.18.245P8Nosh
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation.
network
low complexity
compal CWE-669
7.5