Vulnerabilities > Evenroute > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-21 | CVE-2020-11967 | Missing Authorization vulnerability in Evenroute Iqrouter Firmware 3.3.1 In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. | 9.8 |
| 2020-04-21 | CVE-2020-11966 | Weak Password Requirements vulnerability in Evenroute Iqrouter Firmware 3.3.1 In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. | 9.8 |
| 2020-04-21 | CVE-2020-11965 | Improper Authentication vulnerability in Evenroute Iqrouter Firmware 3.3.1 In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. | 9.8 |
| 2020-04-21 | CVE-2020-11963 | OS Command Injection vulnerability in Evenroute Iqrouter Firmware 3.3.1 IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. | 9.8 |