Skip to main content

Smart Box Firmware

3 CVEs product

Monthly

CVE-2021-41427 MEDIUM POC This Month

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smart Box Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-41426 HIGH POC This Week

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Smart Box Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-12246 HIGH POC This Week

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart Box Firmware
NVD
CVSS 3.1
8.8
EPSS
4.9%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smart Box Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Smart Box Firmware
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smart Box Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy