Vulnerabilities > Redlion > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-06 CVE-2023-5719 Unspecified vulnerability in Redlion Crimson
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device.
network
low complexity
redlion
critical
 9.8
9.8
2022-04-20 CVE-2022-1039 Weak Password Requirements vulnerability in Redlion Da50N Firmware
The weak password on the web user interface can be exploited via HTTP or HTTPS.
network
low complexity
redlion CWE-521
critical
 10.0
10
2020-09-01 CVE-2020-16210 Cross-site Scripting vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
network
low complexity
redlion CWE-79
critical
 9.0
9.0
2020-09-01 CVE-2020-16208 Cross-Site Request Forgery (CSRF) vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
network
redlion CWE-352
critical
 9.3
9.3
2020-09-01 CVE-2020-16206 Cross-site Scripting vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
network
low complexity
redlion CWE-79
critical
 9.0
9.0
2020-09-01 CVE-2020-16204 Hidden Functionality vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
network
low complexity
redlion CWE-912
critical
 9.8
9.8
2018-05-09 CVE-2016-9335 Use of Hard-coded Credentials vulnerability in Redlion products
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190.
network
low complexity
redlion CWE-798
critical
 10.0
10