Filtered by vendor Xantech
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0556 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-11-21 | N/A | 7.1 HIGH |
A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text. | |||||
CVE-2024-0555 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-11-21 | N/A | 4.6 MEDIUM |
A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation. | |||||
CVE-2024-0554 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2024-11-21 | N/A | 5.5 MEDIUM |
A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user. |