Vulnerabilities > Juplink > RX4 1500 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-23 | CVE-2020-8798 | Incorrect Default Permissions vulnerability in Juplink Rx4-1500 Firmware 1.0.3/1.0.4/1.0.5 httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. | 5.5 |
| 2020-04-23 | CVE-2020-8797 | OS Command Injection vulnerability in Juplink Rx4-1500 Firmware 1.0.3 Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network. | 6.7 |