Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40143 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-13 | N/A | 5.4 MEDIUM |
| An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. | |||||
| CVE-2023-38579 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-13 | N/A | 8.8 HIGH |
| The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. | |||||
| CVE-2023-45735 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-12 | N/A | 8.0 HIGH |
| A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. | |||||
| CVE-2023-45227 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-12 | N/A | 5.4 MEDIUM |
| An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. | |||||
| CVE-2023-45222 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-12 | N/A | 5.4 MEDIUM |
| An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. | |||||
| CVE-2023-45213 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-12 | N/A | 6.5 MEDIUM |
| A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | |||||
| CVE-2023-42765 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-12 | N/A | 5.4 MEDIUM |
| An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. | |||||
| CVE-2023-40544 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2024-02-12 | N/A | 5.7 MEDIUM |
| An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. | |||||