Vulnerabilities > Westermo > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2023-40143 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.
network
low complexity
westermo CWE-79
5.4
2024-02-06 CVE-2023-40544 Cleartext Transmission of Sensitive Information vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the network where the affected devices are located could take malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.
low complexity
westermo CWE-319
5.7
2024-02-06 CVE-2023-42765 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.
network
low complexity
westermo CWE-79
5.4
2024-02-06 CVE-2023-45213 Incorrect Comparison vulnerability in Westermo L206-F2G Firmware 4.24
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.
network
low complexity
westermo CWE-697
6.5
2024-02-06 CVE-2023-45222 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.
network
low complexity
westermo CWE-79
5.4
2024-02-06 CVE-2023-45227 Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.
network
low complexity
westermo CWE-79
5.4
2020-01-18 CVE-2020-7227 Unspecified vulnerability in Westermo Mrd-315 Firmware 1.7.3/1.7.4
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters.
network
low complexity
westermo
6.5
2019-05-24 CVE-2018-19613 Cross-Site Request Forgery (CSRF) vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware
Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF.
network
low complexity
westermo CWE-352
6.5
2019-05-23 CVE-2018-19614 Cross-site Scripting vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware
XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers.
network
low complexity
westermo CWE-79
6.1
2017-08-25 CVE-2017-12709 Use of Hard-coded Credentials vulnerability in Westermo products
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0.
local
low complexity
westermo CWE-798
5.3