Vulnerabilities > Westermo > L206 F2G Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2023-38579 | Cross-Site Request Forgery (CSRF) vulnerability in Westermo L206-F2G Firmware 4.24 The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. | 8.8 |
| 2024-02-06 | CVE-2023-40143 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | 5.4 |
| 2024-02-06 | CVE-2023-40544 | Cleartext Transmission of Sensitive Information vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | 5.7 |
| 2024-02-06 | CVE-2023-42765 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | 5.4 |
| 2024-02-06 | CVE-2023-45213 | Incorrect Comparison vulnerability in Westermo L206-F2G Firmware 4.24 A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | 6.5 |
| 2024-02-06 | CVE-2023-45222 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | 5.4 |
| 2024-02-06 | CVE-2023-45227 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | 5.4 |
| 2024-02-06 | CVE-2023-45735 | Code Injection vulnerability in Westermo L206-F2G Firmware 4.24 A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | 8.0 |