Vulnerabilities > Hongdian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-49258 | Cross-site Scripting vulnerability in Hongdian H8951-4G-Esp Firmware User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. | 6.1 |
| 2024-01-12 | CVE-2023-49260 | Cross-site Scripting vulnerability in Hongdian H8951-4G-Esp Firmware An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. | 6.1 |
| 2021-05-06 | CVE-2021-28149 | Path Traversal vulnerability in Hongdian H8922 Firmware 3.0.5 Hongdian H8922 3.0.5 devices allow Directory Traversal. | 4.0 |