Tdc X401gl Firmware
Monthly
Tdc X401gl firmware lacks clickjacking protections, allowing remote attackers to deceive users into executing unintended actions on maliciously crafted pages. An attacker could leverage this vulnerability to trick users into divulging sensitive information or modifying device settings without their knowledge or consent.
Denial of service conditions in TDC X401GL firmware can be triggered by authenticated network attackers through improper input handling at a system endpoint, resulting in resource exhaustion and service unavailability. The vulnerability requires valid credentials and network access but no user interaction, affecting the availability of affected devices. No patch is currently available for this medium-severity issue.
TDC X401GL firmware lacks proper authorization controls on privileged operations, allowing authenticated users to trigger system functions like reboot or factory reset without appropriate restrictions. This could enable attackers with low-level credentials to disrupt service availability or erase device configurations. No patch is currently available for this vulnerability.
Tdc X401gl Firmware contains an information disclosure vulnerability that allows authenticated attackers to access files in restricted directories on the device. The low-privileged access requirement and network-based attack vector create risk for exposure of sensitive data stored on affected devices. No patch is currently available for this vulnerability.
TDC X401GL devices allow authenticated users to write files to restricted locations due to insufficient access controls, enabling unauthorized system modification. The vulnerability requires valid credentials and affects the device's integrity but not confidentiality or availability. No patch is currently available for this firmware issue.
TDC X401GL firmware contains a reflected cross-site scripting vulnerability in URL parameter handling that allows unauthenticated attackers to inject malicious scripts executed in authenticated users' browsers. Successful exploitation enables attackers to steal sensitive data from compromised sessions without user knowledge. No patch is currently available.
Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authenticated users to attacker-controlled websites. This allows threat actors to harvest credentials and conduct phishing attacks against unsuspecting users following successful authentication. The vulnerability requires user interaction but carries minimal complexity, affecting systems accessible over the network.
TDC X401GL firmware updates contain hardcoded password hashes for system accounts that are accessible to unauthenticated remote attackers over the network. An attacker could extract these hashes and potentially recover credentials to gain unauthorized access to the device. No patch is currently available for this vulnerability.
TDC X401GL firmware contains hardcoded default credentials for privileged user accounts, enabling unauthenticated attackers to gain unauthorized administrative access over the network. This vulnerability affects all deployments using default configurations and could allow attackers to compromise system integrity and perform unauthorized operations. No patch is currently available.
TDC X401gl devices with unpatched firmware lack proper authorization controls for critical system functions, enabling unauthenticated remote attackers to arbitrarily start, stop, or delete applications and cause denial of service. This network-accessible vulnerability requires no user interaction and affects all default configurations. No patch is currently available.
Uploading unvalidated container images enables remote attackers with admin access to achieve full system compromise through malicious containers.
Container management vulnerability allows authenticated users to escape to the host filesystem with read/write access. CVSS 9.9 with scope change.
Tdc X401gl firmware lacks clickjacking protections, allowing remote attackers to deceive users into executing unintended actions on maliciously crafted pages. An attacker could leverage this vulnerability to trick users into divulging sensitive information or modifying device settings without their knowledge or consent.
Denial of service conditions in TDC X401GL firmware can be triggered by authenticated network attackers through improper input handling at a system endpoint, resulting in resource exhaustion and service unavailability. The vulnerability requires valid credentials and network access but no user interaction, affecting the availability of affected devices. No patch is currently available for this medium-severity issue.
TDC X401GL firmware lacks proper authorization controls on privileged operations, allowing authenticated users to trigger system functions like reboot or factory reset without appropriate restrictions. This could enable attackers with low-level credentials to disrupt service availability or erase device configurations. No patch is currently available for this vulnerability.
Tdc X401gl Firmware contains an information disclosure vulnerability that allows authenticated attackers to access files in restricted directories on the device. The low-privileged access requirement and network-based attack vector create risk for exposure of sensitive data stored on affected devices. No patch is currently available for this vulnerability.
TDC X401GL devices allow authenticated users to write files to restricted locations due to insufficient access controls, enabling unauthorized system modification. The vulnerability requires valid credentials and affects the device's integrity but not confidentiality or availability. No patch is currently available for this firmware issue.
TDC X401GL firmware contains a reflected cross-site scripting vulnerability in URL parameter handling that allows unauthenticated attackers to inject malicious scripts executed in authenticated users' browsers. Successful exploitation enables attackers to steal sensitive data from compromised sessions without user knowledge. No patch is currently available.
Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authenticated users to attacker-controlled websites. This allows threat actors to harvest credentials and conduct phishing attacks against unsuspecting users following successful authentication. The vulnerability requires user interaction but carries minimal complexity, affecting systems accessible over the network.
TDC X401GL firmware updates contain hardcoded password hashes for system accounts that are accessible to unauthenticated remote attackers over the network. An attacker could extract these hashes and potentially recover credentials to gain unauthorized access to the device. No patch is currently available for this vulnerability.
TDC X401GL firmware contains hardcoded default credentials for privileged user accounts, enabling unauthenticated attackers to gain unauthorized administrative access over the network. This vulnerability affects all deployments using default configurations and could allow attackers to compromise system integrity and perform unauthorized operations. No patch is currently available.
TDC X401gl devices with unpatched firmware lack proper authorization controls for critical system functions, enabling unauthenticated remote attackers to arbitrarily start, stop, or delete applications and cause denial of service. This network-accessible vulnerability requires no user interaction and affects all default configurations. No patch is currently available.
Uploading unvalidated container images enables remote attackers with admin access to achieve full system compromise through malicious containers.
Container management vulnerability allows authenticated users to escape to the host filesystem with read/write access. CVSS 9.9 with scope change.