Vulnerabilities > Dasannetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-13 | CVE-2023-42495 | OS Command Injection vulnerability in Dasannetworks W-Web Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 |
| 2019-04-11 | CVE-2019-9976 | Information Exposure Through Log Files vulnerability in Dasannetworks H660Rm Firmware 1.030022 The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. | 4.0 |
| 2019-04-11 | CVE-2019-9975 | Use of Hard-coded Credentials vulnerability in Dasannetworks H660Rm Firmware 1.030022 DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. | 5.0 |
| 2019-04-11 | CVE-2019-9974 | Missing Authentication for Critical Function vulnerability in Dasannetworks H660Rm Firmware 1.030022 diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. | 6.4 |
| 2019-02-20 | CVE-2019-8950 | Use of Hard-coded Credentials vulnerability in Dasannetworks H665 Firmware 1.46P10028 The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. | 10.0 |
| 2018-10-01 | CVE-2018-17867 | OS Command Injection vulnerability in Dasannetworks H660Gw Firmware The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field). | 9.0 |
| 2018-05-04 | CVE-2018-10562 | OS Command Injection vulnerability in Dasannetworks Gpon Router Firmware An issue was discovered on Dasan GPON home routers. | 7.5 |
| 2018-05-04 | CVE-2018-10561 | Improper Authentication vulnerability in Dasannetworks Gpon Router Firmware An issue was discovered on Dasan GPON home routers. | 7.5 |
| 2018-01-21 | CVE-2017-18046 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dasannetworks H640X Firmware 12.0201121/2.77P11124/3.03P21146 Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). | 7.5 |