Vulnerabilities (CVE)

Filtered by vendor Netmodule Subscribe
Filtered by product Nb1810
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-46306 1 Netmodule 9 Nb1601, Nb1800, Nb1810 and 6 more 2024-09-12 N/A 6.6 MEDIUM
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.
CVE-2021-39290 1 Netmodule 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
CVE-2021-39291 1 Netmodule 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more 2024-02-04 6.5 MEDIUM 8.8 HIGH
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.
CVE-2021-39289 1 Netmodule 30 Nb1600, Nb1600 Firmware, Nb1601 and 27 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption), These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800.