Vulnerabilities > Comtrend

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-23	CVE-2018-8062	Cross-site Scripting vulnerability in Comtrend Ar-5387Un Firmware A731410Jazc04R02.A2Pd035G.D23I A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. network low complexity comtrend CWE-79	5.4
2020-03-05	CVE-2020-10173	OS Command Injection vulnerability in Comtrend Vr-3033 Firmware De11416Ssgc01R02.A2Pvi042J1.D26M Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. network low complexity comtrend CWE-78	8.8
2018-12-23	CVE-2018-20388	Insufficiently Protected Credentials vulnerability in Comtrend Cm-6200Un Firmware and Cm-6300N Firmware Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. network low complexity comtrend CWE-522 critical	9.8

Vulnerabilities > Comtrend {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Comtrend"}]}