Vulnerabilities > Westermo > DR 260 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-05-24 CVE-2018-19613 Cross-Site Request Forgery (CSRF) vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware
Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF.
network
low complexity
westermo CWE-352
6.5
6.5
2019-05-24 CVE-2018-19612 Unrestricted Upload of File with Dangerous Type vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.
network
low complexity
westermo CWE-434
8.8
8.8
2019-05-23 CVE-2018-19614 Cross-site Scripting vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware
XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers.
network
low complexity
westermo CWE-79
6.1
6.1