Vulnerabilities > Netmodule > Netmodule Router Software > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2023-0862 | Path Traversal vulnerability in Netmodule Router Software The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. | 8.8 |
| 2023-02-16 | CVE-2023-0861 | OS Command Injection vulnerability in Netmodule Router Software NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | 8.8 |
| 2021-08-23 | CVE-2021-39289 | Insufficiently Protected Credentials vulnerability in Netmodule Router Software 4.3.0.0/4.4.0.0 Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | 7.5 |
| 2021-08-23 | CVE-2021-39291 | Information Exposure Through Log Files vulnerability in Netmodule Router Software 4.3.0.0/4.4.0.0 Certain NetModule devices allow credentials via GET parameters to CLI-PHP. | 8.8 |