Vulnerabilities > Westermo > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2023-38579 Cross-Site Request Forgery (CSRF) vulnerability in Westermo L206-F2G Firmware 4.24
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly.
network
low complexity
westermo CWE-352
8.8
2024-02-06 CVE-2023-45735 Code Injection vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.
network
low complexity
westermo CWE-94
8.0
2019-05-24 CVE-2018-19612 Unrestricted Upload of File with Dangerous Type vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware
The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code.
network
low complexity
westermo CWE-434
8.8
2017-08-25 CVE-2017-12703 Cross-Site Request Forgery (CSRF) vulnerability in Westermo products
A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0.
network
low complexity
westermo CWE-352
8.8
2017-08-25 CVE-2016-5816 Use of Hard-coded Credentials vulnerability in Westermo products
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0.
network
low complexity
westermo CWE-798
7.5