Vulnerabilities > Hitrontech

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2022-47616 OS Command Injection vulnerability in Hitrontech Coda-5310 Firmware
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function.
network
low complexity
hitrontech CWE-78
7.2
7.2
2023-06-02 CVE-2022-47617 Use of Hard-coded Credentials vulnerability in Hitrontech Coda-5310 Firmware
Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code.
network
low complexity
hitrontech CWE-798
7.2
7.2
2023-06-02 CVE-2023-30602 Missing Encryption of Sensitive Data vulnerability in Hitrontech Coda-5310 Firmware 7.2.4.7.1B3
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext.
network
low complexity
hitrontech CWE-311
7.5
7.5
2023-06-02 CVE-2023-30603 Improper Authentication vulnerability in Hitrontech Coda-5310 Firmware 7.2.4.7.1B3
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account.
network
low complexity
hitrontech CWE-287
critical
 9.8
9.8
2023-06-02 CVE-2023-30604 Missing Authentication for Critical Function vulnerability in Hitrontech Coda-5310 Firmware 7.2.4.7.1B3
It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310.
network
low complexity
hitrontech CWE-306
critical
 9.8
9.8
2022-04-01 CVE-2022-25017 OS Command Injection vulnerability in Hitrontech Chita Firmware 7.2.2.0.3B6Cd
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.
network
low complexity
hitrontech CWE-78
critical
 9.0
9.0
2020-02-19 CVE-2020-8824 Cross-site Scripting vulnerability in Hitrontech Coda-4582U Firmware 7.1.1.30
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen.
network
hitrontech CWE-79
3.5
3.5
2018-01-07 CVE-2014-10069 Cryptographic Issues vulnerability in Hitrontech Cve-30360 Firmware 3.1.1.21
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
network
low complexity
hitrontech CWE-310
5.0
5.0