Vulnerabilities > Comtrend

DATE CVE VULNERABILITY TITLE RISK
2020-10-23 CVE-2018-8062 Cross-site Scripting vulnerability in Comtrend Ar-5387Un Firmware A731410Jazc04R02.A2Pd035G.D23I
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
network
low complexity
comtrend CWE-79
5.4
2020-03-05 CVE-2020-10173 OS Command Injection vulnerability in Comtrend Vr-3033 Firmware De11416Ssgc01R02.A2Pvi042J1.D26M
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
network
low complexity
comtrend CWE-78
8.8
2018-12-23 CVE-2018-20388 Insufficiently Protected Credentials vulnerability in Comtrend Cm-6200Un Firmware and Cm-6300N Firmware
Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
network
low complexity
comtrend CWE-522
critical
9.8