Skip to main content

H660Rm Firmware

3 CVEs product

Monthly

CVE-2019-9976 HIGH This Week

The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure H660Rm Firmware
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2019-9975 HIGH POC This Week

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H660Rm Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2019-9974 CRITICAL POC Act Now

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H660Rm Firmware
NVD
CVSS 3.0
9.1
EPSS
2.9%
EPSS 1% CVSS 8.8
HIGH This Week

The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure H660Rm Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H660Rm Firmware
NVD
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H660Rm Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy