Vulnerabilities > Free

DATE CVE VULNERABILITY TITLE RISK
2020-10-19 CVE-2020-24375 Authentication Bypass by Spoofing vulnerability in Free Freebox Server and Freebox V5 Firmware
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
network
low complexity
free CWE-290
6.5
2020-09-16 CVE-2020-24377 Improper Input Validation vulnerability in Free products
A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.
network
low complexity
free CWE-20
critical
9.6
2020-09-16 CVE-2020-24376 Improper Input Validation vulnerability in Free products
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.
network
low complexity
free CWE-20
critical
9.6
2020-09-16 CVE-2020-24374 Improper Input Validation vulnerability in Free Freebox HD Firmware
A DNS rebinding vulnerability in Freebox v5 before 1.5.29.
network
low complexity
free CWE-20
critical
9.6
2020-09-16 CVE-2020-24373 Cross-Site Request Forgery (CSRF) vulnerability in Free products
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
network
low complexity
free CWE-352
8.8
2020-01-13 CVE-2014-9382 Cross-Site Request Forgery (CSRF) vulnerability in Free Freebox OS 3.0.2
Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation
network
low complexity
free CWE-352
6.5
2020-01-06 CVE-2014-9405 Cross-site Scripting vulnerability in Free Freebox OS 3.0.2
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
network
low complexity
free CWE-79
5.4