Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46306 | 1 Netmodule | 9 Nb1601, Nb1800, Nb1810 and 6 more | 2024-09-12 | N/A | 6.6 MEDIUM |
| The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105. | |||||
| CVE-2021-39290 | 1 Netmodule | 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | |||||
| CVE-2021-39291 | 1 Netmodule | 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | |||||
| CVE-2021-39289 | 1 Netmodule | 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | |||||