Evenroute Iqrouter Firmware vulnerabilities

6 known vulnerabilities affecting evenroute/iqrouter_firmware.

Total CVEs: 6
CISA KEV: 0
Public exploits: 5
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 2

Vulnerabilities

CVE-2020-11963 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≤ 3.3.1 | 2020-04-21
CWE-78: IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure pa
nvd
CVE-2020-11967 | P2 | CRITICAL | CVSS 9.8 | PoC | ≤ 3.3.1 | 2020-04-21
CWE-862: In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on t
nvd
CVE-2020-11966 | P2 | CRITICAL | CVSS 9.8 | PoC | ≤ 3.3.1 | 2020-04-21
CWE-521: In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the sys
nvd
CVE-2020-11968 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 3.3.1 | 2020-04-21
CWE-532: In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE inva
nvd
CVE-2020-11964 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 3.3.1 | 2020-04-21
CWE-287: In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the sys
nvd
CVE-2020-11965 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.3.1 | 2020-04-21
CWE-287: In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes t
nvd