Skip to main content

Ac21000 G6 Firmware

7 CVEs product

Monthly

CVE-2023-24052 CRITICAL Act Now

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ac21000 G6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24051 CRITICAL Act Now

A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ac21000 G6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24050 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Ac21000 G6 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24049 CRITICAL Act Now

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Brute Force Ac21000 G6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24048 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ac21000 G6 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24047 MEDIUM This Month

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ac21000 G6 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-24046 MEDIUM POC This Month

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac21000 G6 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ac21000 G6 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ac21000 G6 Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Ac21000 G6 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Brute Force Ac21000 G6 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ac21000 G6 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ac21000 G6 Firmware
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac21000 G6 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy