Vulnerabilities > Westermo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-24 | CVE-2018-19613 | Cross-Site Request Forgery (CSRF) vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. | 4.3 |
| 2019-05-24 | CVE-2018-19612 | Unrestricted Upload of File with Dangerous Type vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. | 6.5 |
| 2019-05-23 | CVE-2018-19614 | Cross-site Scripting vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. | 4.3 |
| 2017-08-25 | CVE-2017-12709 | Use of Hard-coded Credentials vulnerability in Westermo products A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 2.1 |
| 2017-08-25 | CVE-2017-12703 | Cross-Site Request Forgery (CSRF) vulnerability in Westermo products A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 6.8 |
| 2017-08-25 | CVE-2016-5816 | Use of Hard-coded Credentials vulnerability in Westermo products A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 5.0 |
| 2016-01-30 | CVE-2015-7923 | Cryptographic Issues vulnerability in Westermo Weos 4.18.0 Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | 9.3 |