Vulnerabilities > Evenroute

DATE CVE VULNERABILITY TITLE RISK
2020-04-21 CVE-2020-11968 Information Exposure Through Log Files vulnerability in Evenroute Iqrouter Firmware 3.3.1
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control.
network
low complexity
evenroute CWE-532
7.5
2020-04-21 CVE-2020-11967 Missing Authorization vulnerability in Evenroute Iqrouter Firmware 3.3.1
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control.
network
low complexity
evenroute CWE-862
critical
9.8
2020-04-21 CVE-2020-11966 Weak Password Requirements vulnerability in Evenroute Iqrouter Firmware 3.3.1
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily.
network
low complexity
evenroute CWE-521
critical
9.8
2020-04-21 CVE-2020-11965 Improper Authentication vulnerability in Evenroute Iqrouter Firmware 3.3.1
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH.
network
low complexity
evenroute CWE-287
critical
9.8
2020-04-21 CVE-2020-11964 Improper Authentication vulnerability in Evenroute Iqrouter Firmware 3.3.1
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily.
network
low complexity
evenroute CWE-287
7.5
2020-04-21 CVE-2020-11963 OS Command Injection vulnerability in Evenroute Iqrouter Firmware 3.3.1
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection.
network
low complexity
evenroute CWE-78
critical
9.8