Vulnerabilities > Juplink > RX4 1500 Firmware > 1.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-22 | CVE-2023-41027 | Information Exposure Through an Error Message vulnerability in Juplink Rx4-1500 Firmware 1.0.4/1.0.5 Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | 8.8 |
| 2023-09-22 | CVE-2023-41029 | Command Injection vulnerability in Juplink Rx4-1500 Firmware Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | 8.8 |
| 2023-09-22 | CVE-2023-41031 | Command Injection vulnerability in Juplink Rx4-1500 Firmware Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. | 8.8 |
| 2023-09-18 | CVE-2023-41030 | Use of Hard-coded Credentials vulnerability in Juplink Rx4-1500 Firmware Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | 9.8 |
| 2023-08-23 | CVE-2023-41028 | Out-of-bounds Write vulnerability in Juplink Rx4-1500 Firmware A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. | 8.8 |
| 2020-04-23 | CVE-2020-8798 | Incorrect Default Permissions vulnerability in Juplink Rx4-1500 Firmware 1.0.3/1.0.4/1.0.5 httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. | 5.5 |