Skip to main content

Dl4343 Firmware

7 CVEs product

Monthly

CVE-2019-20076 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-20075 MEDIUM POC This Month

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-20074 HIGH This Week

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dl4343 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-20073 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-20072 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-20071 MEDIUM POC This Month

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dl4343 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-20070 MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.4%
EPSS 2% CVSS 6.1
MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dl4343 Firmware
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dl4343 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dl4343 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy