Vulnerabilities > Hitrontech

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2022-47616 OS Command Injection vulnerability in Hitrontech Coda-5310 Firmware
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function.
network
low complexity
hitrontech CWE-78
7.2
2023-06-02 CVE-2023-30603 Unspecified vulnerability in Hitrontech Coda-5310 Firmware 7.2.4.7.1B3
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account.
network
low complexity
hitrontech
critical
9.8
2022-04-01 CVE-2022-25017 OS Command Injection vulnerability in Hitrontech Chita Firmware 7.2.2.0.3B6Cd
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.
network
low complexity
hitrontech CWE-78
8.8
2020-02-19 CVE-2020-8824 Cross-site Scripting vulnerability in Hitrontech Coda-4582U Firmware 7.1.1.30
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen.
network
low complexity
hitrontech CWE-79
5.4
2018-01-07 CVE-2014-10069 Cryptographic Issues vulnerability in Hitrontech Cve-30360 Firmware 3.1.1.21
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
network
low complexity
hitrontech CWE-310
7.5