Skip to main content
CVE-2015-5995 CRITICAL POC THREAT Emergency

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Privilege Escalation Tenda N3 Wireless N150 Medialink Mwn Wapr300N Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.2%
Threat
4.6
CVE-2015-6018 CRITICAL POC THREAT Emergency

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Zyxel Privilege Escalation Pmg5318 B20A Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
22.1%
Threat
4.1
CVE-2015-6016 CRITICAL Act Now

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zyxel Authentication Bypass Nbg 418N Zynos Firmware Pmg5318 B20A Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2015-5989 CRITICAL Act Now

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gs1900 10Hp Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2015-2874 CRITICAL Act Now

Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wireless Mobile Storage Wireless Plus Mobile Storage Lac9000436U Firmware Lac9000464U Firmware +1
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2015-5988 CRITICAL Act Now

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs1900 10Hp Firmware
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2015-7277 CRITICAL Act Now

The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass R10000 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-7280 CRITICAL Act Now

The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wrt300N Dd Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy