Skip to main content

H660Gw Firmware

3 CVEs product

Monthly

CVE-2018-17869 HIGH This Week

DASAN H660GW devices do not implement any CSRF protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF H660Gw Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-17868 MEDIUM POC This Month

DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS H660Gw Firmware
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-17867 HIGH POC This Week

The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection H660Gw Firmware
NVD
CVSS 3.0
7.2
EPSS
3.8%
EPSS 0% CVSS 8.8
HIGH This Week

DASAN H660GW devices do not implement any CSRF protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF H660Gw Firmware
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS H660Gw Firmware
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection H660Gw Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy