Vulnerabilities > Redlion
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-1039 | Weak Password Requirements vulnerability in Redlion Da50N Firmware The weak password on the web user interface can be exploited via HTTP or HTTPS. | 10.0 |
| 2022-04-20 | CVE-2022-26516 | Insufficient Verification of Data Authenticity vulnerability in Redlion Da50N Firmware Authorized users may install a maliciously modified package file when updating the device via the web user interface. | 6.8 |
| 2022-04-20 | CVE-2022-27179 | Insufficiently Protected Credentials vulnerability in Redlion Da50N Firmware A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. | 4.0 |
| 2021-01-06 | CVE-2020-27283 | Improper Resource Shutdown or Release vulnerability in Redlion Crimson 3.1 An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations. | 5.0 |
| 2021-01-06 | CVE-2020-27279 | NULL Pointer Dereference vulnerability in Redlion Crimson 3.1 A NULL pointer deference vulnerability has been identified in the protocol converter. | 7.8 |
| 2021-01-06 | CVE-2020-27285 | Missing Authentication for Critical Function vulnerability in Redlion Crimson 3.1 The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read and modify the database without authentication. | 6.4 |
| 2020-09-01 | CVE-2020-16210 | Cross-site Scripting vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions). | 3.5 |
| 2020-09-01 | CVE-2020-16208 | Cross-Site Request Forgery (CSRF) vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions). | 9.3 |
| 2020-09-01 | CVE-2020-16206 | Cross-site Scripting vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions). | 3.5 |
| 2020-09-01 | CVE-2020-16204 | Hidden Functionality vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions). | 10.0 |