Note:
This project will be discontinued after December 13, 2021. [more]
Product:
L206\-F2g_firmware
(Westermo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-06 | CVE-2023-40143 | An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | L206\-F2g_firmware | 5.4 | ||
| 2024-02-06 | CVE-2023-40544 | An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | L206\-F2g_firmware | 5.7 | ||
| 2024-02-06 | CVE-2023-42765 | An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | L206\-F2g_firmware | 5.4 | ||
| 2024-02-06 | CVE-2023-45213 | A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | L206\-F2g_firmware | 6.5 | ||
| 2024-02-06 | CVE-2023-38579 | The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. | L206\-F2g_firmware | 8.8 | ||
| 2024-02-06 | CVE-2023-45735 | A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | L206\-F2g_firmware | 8.0 | ||
| 2024-02-06 | CVE-2023-45222 | An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | L206\-F2g_firmware | 5.4 | ||
| 2024-02-06 | CVE-2023-45227 | An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | L206\-F2g_firmware | 5.4 |