Vulnerabilities > Westermo > L206 F2G Firmware

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2023-38579 Cross-Site Request Forgery (CSRF) vulnerability in Westermo L206-F2G Firmware 4.24
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly.
network
low complexity
westermo CWE-352
8.8
2024-02-06 CVE-2023-40143 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.
network
low complexity
westermo CWE-79
5.4
2024-02-06 CVE-2023-40544 Cleartext Transmission of Sensitive Information vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.
low complexity
westermo CWE-319
5.7
2024-02-06 CVE-2023-42765 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.
network
low complexity
westermo CWE-79
5.4
2024-02-06 CVE-2023-45213 Incorrect Comparison vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.
network
low complexity
westermo CWE-697
6.5
2024-02-06 CVE-2023-45222 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.
network
low complexity
westermo CWE-79
5.4
2024-02-06 CVE-2023-45227 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.
network
low complexity
westermo CWE-79
5.4
2024-02-06 CVE-2023-45735 Code Injection vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
network
low complexity
westermo CWE-94
8.0