Vulnerabilities > Redlion

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2022-1039 Weak Password Requirements vulnerability in Redlion Da50N Firmware
The weak password on the web user interface can be exploited via HTTP or HTTPS.
network
low complexity
redlion CWE-521
critical
10.0
2022-04-20 CVE-2022-26516 Insufficient Verification of Data Authenticity vulnerability in Redlion Da50N Firmware
Authorized users may install a maliciously modified package file when updating the device via the web user interface.
network
redlion CWE-345
6.8
2022-04-20 CVE-2022-27179 Insufficiently Protected Credentials vulnerability in Redlion Da50N Firmware
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource.
network
low complexity
redlion CWE-522
4.0
2021-01-06 CVE-2020-27283 Improper Resource Shutdown or Release vulnerability in Redlion Crimson 3.1
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
network
low complexity
redlion CWE-404
5.0
2021-01-06 CVE-2020-27279 NULL Pointer Dereference vulnerability in Redlion Crimson 3.1
A NULL pointer deference vulnerability has been identified in the protocol converter.
network
low complexity
redlion CWE-476
7.8
2021-01-06 CVE-2020-27285 Missing Authentication for Critical Function vulnerability in Redlion Crimson 3.1
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication.
network
low complexity
redlion CWE-306
6.4
2020-09-01 CVE-2020-16210 Cross-site Scripting vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
network
redlion CWE-79
3.5
2020-09-01 CVE-2020-16208 Cross-Site Request Forgery (CSRF) vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
network
redlion CWE-352
critical
9.3
2020-09-01 CVE-2020-16206 Cross-site Scripting vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
network
redlion CWE-79
3.5
2020-09-01 CVE-2020-16204 Hidden Functionality vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
network
low complexity
redlion CWE-912
critical
10.0