Vulnerabilities > Iball > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-12-30 | CVE-2020-29292 | Cross-Site Request Forgery (CSRF) vulnerability in Iball Wrd12En Firmware 1.0.0 | iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses. | network, low complexity, iball, CWE-352 | 6.5 |
| 2020-06-29 | CVE-2020-15043 | Cross-Site Request Forgery (CSRF) vulnerability in Iball Wrb303N Firmware | iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. | network, low complexity, iball, CWE-352 | 6.5 |
| 2019-05-28 | CVE-2018-20008 | Incorrect Permission Assignment for Critical Resource vulnerability in Iball Ib-Wrb302N Firmware Ibwrb302N20122017 | iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | low complexity, iball, CWE-732 | 6.8 |
| 2018-01-30 | CVE-2018-6355 | Cross-site Scripting vulnerability in Iball Ib-Wrb302N Firmware 1.0.1Sep82017 | /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. | network, low complexity, iball, CWE-79 | 6.1 |