Vulnerabilities > Westermo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2023-40143 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | 5.4 |
| 2024-02-06 | CVE-2023-40544 | Cleartext Transmission of Sensitive Information vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | 5.7 |
| 2024-02-06 | CVE-2023-42765 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | 5.4 |
| 2024-02-06 | CVE-2023-45213 | Incorrect Comparison vulnerability in Westermo L206-F2G Firmware 4.24 A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | 6.5 |
| 2024-02-06 | CVE-2023-45222 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | 5.4 |
| 2024-02-06 | CVE-2023-45227 | Cross-site Scripting vulnerability in Westermo L206-F2G Firmware 4.24 An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | 5.4 |
| 2020-01-18 | CVE-2020-7227 | Unspecified vulnerability in Westermo Mrd-315 Firmware 1.7.3/1.7.4 Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. | 6.5 |
| 2019-05-24 | CVE-2018-19613 | Cross-Site Request Forgery (CSRF) vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. | 6.5 |
| 2019-05-23 | CVE-2018-19614 | Cross-site Scripting vulnerability in Westermo Dr-250 Firmware, Dr-260 Firmware and Mr-260 Firmware XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. | 6.1 |
| 2017-08-25 | CVE-2017-12709 | Use of Hard-coded Credentials vulnerability in Westermo products A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. | 5.3 |