Vulnerabilities > Twsz
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-01 | CVE-2018-9232 | Improper Authentication vulnerability in Twsz Be126 Firmware Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. | 7.8 |
| 2017-09-20 | CVE-2017-8772 | Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. | 9.8 |
| 2017-09-20 | CVE-2017-8771 | Use of Hard-coded Credentials vulnerability in Twsz Wifi Repeater Firmware On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). | 9.8 |
| 2017-09-20 | CVE-2017-8770 | Information Exposure vulnerability in Twsz Wifi Repeater Firmware There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. | 7.5 |
| 2017-09-07 | CVE-2017-13713 | OS Command Injection vulnerability in Twsz Wifi Repeater Firmware T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | 8.8 |