Vulnerabilities > Intenogroup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-16 | CVE-2019-13140 | Files or Directories Accessible to External Parties vulnerability in Intenogroup Eg200 Firmware Eg200Wu7P1Uadamo3.16.41902261650 Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. | 4.0 |
| 2018-07-31 | CVE-2018-14533 | Unspecified vulnerability in Intenogroup Iopsys Firmware read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. | 7.2 |
| 2018-05-16 | CVE-2018-10123 | Unspecified vulnerability in Intenogroup Iopsys Firmware p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. | 9.0 |
| 2018-01-04 | CVE-2017-17867 | Incorrect Permission Assignment for Critical Resource vulnerability in Intenogroup Iopsys 2.0/3.14/4.0 Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. | 8.8 |
| 2017-07-17 | CVE-2017-11361 | Improper Privilege Management vulnerability in Intenogroup Inteno Router Firmware Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. | 9.0 |