Vulnerabilities > Optilinknetwork

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2020-23584 Command Injection vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution.
network
low complexity
optilinknetwork CWE-77
critical
9.8
2022-11-23 CVE-2020-23586 Cross-Site Request Forgery (CSRF) vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.
network
low complexity
optilinknetwork CWE-352
4.3
2022-11-23 CVE-2020-23587 Cross-Site Request Forgery (CSRF) vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp ".
network
high complexity
optilinknetwork CWE-352
3.1
2022-11-23 CVE-2020-23588 Cross-Site Request Forgery (CSRF) vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp ".
network
low complexity
optilinknetwork CWE-352
4.3
2022-11-23 CVE-2020-23589 Cross-Site Request Forgery (CSRF) vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through " /mgm_dev_reboot.asp."
network
low complexity
optilinknetwork CWE-352
6.5
2022-11-23 CVE-2020-23590 Cross-Site Request Forgery (CSRF) vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp".
network
low complexity
optilinknetwork CWE-352
6.5
2022-11-23 CVE-2020-23591 Unrestricted Upload of File with Dangerous Type vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor.
network
low complexity
optilinknetwork CWE-434
critical
9.8
2022-11-23 CVE-2020-23592 Cross-Site Request Forgery (CSRF) vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials.
network
low complexity
optilinknetwork CWE-352
8.8
2022-11-23 CVE-2020-23583 Command Injection vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution.
network
low complexity
optilinknetwork CWE-77
critical
9.8
2022-11-23 CVE-2020-23585 Cross-Site Request Forgery (CSRF) vulnerability in Optilinknetwork Op-Xt71000N Firmware 3.3.1191028
A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028.
network
low complexity
optilinknetwork CWE-352
8.8