Vulnerabilities (CVE)

Filtered by vendor Sagemcom Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3304 1 Sagemcom 2 F\@st 3686, F\@st 3686 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.
CVE-2020-29138 1 Sagemcom 2 F\@st 3486 Router, F\@st 3486 Router Firmware 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
CVE-2020-24034 1 Sagemcom 2 F\@st 5280 Router, F\@st 5280 Router Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside of this cookie, and assume the role and permissions of the user specified. By assuming the role of the user internal, which is inaccessible to end users by default, the attacker gains the permissions of the internal account, which includes the ability to flash custom firmware to the router, allowing the attacker to achieve a complete compromise.
CVE-2020-21733 1 Sagemcom 2 F\@st 3686, F\@st 3686 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
CVE-2019-9555 1 Sagemcom 2 F\@st 5260, F\@st 5260 Firmware 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
CVE-2019-19494 4 Compal, Netgear, Sagemcom and 1 more 14 7284e, 7284e Firmware, 7486e and 11 more 2024-11-21 9.3 HIGH 8.8 HIGH
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
CVE-2017-6552 1 Sagemcom 2 Livebox, Livebox Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.