Vulnerabilities (CVE)

Filtered by vendor Netis-systems Subscribe
Filtered by product Dl4343 Firmware
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20076 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
CVE-2019-20075 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
CVE-2019-20074 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.0 MEDIUM 8.8 HIGH
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
CVE-2019-20073 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
CVE-2019-20072 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
CVE-2019-20071 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 5.8 MEDIUM 6.5 MEDIUM
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
CVE-2019-20070 1 Netis-systems 2 Dl4343, Dl4343 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).