cbcvebase.

Optilinknetwork Op-Xt71000N Firmware vulnerabilities

12 known vulnerabilities affecting optilinknetwork/op-xt71000n_firmware.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM6LOW1

Vulnerabilities

Page 1 of 1
CVE-2020-23584P1CRITICALCVSS 9.8v3.3.1-1910282022-11-23
CVE-2020-23584 [CRITICAL] CWE-77 CVE-2020-23584: Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when th Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diag_tracert_admin.asp " in the "PingTest" parameter that leads to command execution.
nvd
CVE-2020-23583P2CRITICALCVSS 9.8v3.3.1-1910282022-11-23
CVE-2020-23583 [CRITICAL] CWE-77 CVE-2020-23583: OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system.
nvd
CVE-2020-23591P3CRITICALCVSS 9.8v3.3.1-1910282022-11-23
CVE-2020-23591 [CRITICAL] CWE-434 CVE-2020-23591: A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through " /mgm_dev_upgrade.asp " which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor.
nvd
CVE-2020-23592P3HIGHCVSS 8.8v3.3.1-1910282022-11-23
CVE-2020-23592 [HIGH] CWE-352 CVE-2020-23592: A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials.
nvd
CVE-2020-23585P3HIGHCVSS 8.8v3.3.1-1910282022-11-23
CVE-2020-23585 [HIGH] CWE-352 CVE-2020-23585: A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Har A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/a
nvd
CVE-2020-23593P4MEDIUMCVSS 6.5v3.3.1-1910282022-11-23
CVE-2020-23593 [MEDIUM] CWE-352 CVE-2020-23593: A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 a A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs eve
nvd
CVE-2020-23590P4MEDIUMCVSS 6.5v3.3.1-1910282022-11-23
CVE-2020-23590 [MEDIUM] CWE-352 CVE-2020-23590: A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" through "wlwpa.asp".
nvd
CVE-2020-23582P4MEDIUMCVSS 6.5v3.3.1-1910282022-11-21
CVE-2020-23582 [MEDIUM] CWE-352 CVE-2020-23582: A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow a A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
nvd
CVE-2020-23589P4MEDIUMCVSS 6.5v3.3.1-1910282022-11-23
CVE-2020-23589 [MEDIUM] CWE-352 CVE-2020-23589: A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting the router through " /mgm_dev_reboot.asp."
nvd
CVE-2020-23586P4MEDIUMCVSS 4.3v3.3.1-1910282022-11-23
CVE-2020-23586 [MEDIUM] CWE-352 CVE-2020-23586: A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-1 A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.
nvd
CVE-2020-23588P4MEDIUMCVSS 4.3v3.3.1-1910282022-11-23
CVE-2020-23588 [MEDIUM] CWE-352 CVE-2020-23588: A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" through " /rmtacc.asp ".
nvd
CVE-2020-23587P4LOWCVSS 3.1v3.3.1-1910282022-11-23
CVE-2020-23587 [LOW] CWE-352 CVE-2020-23587: A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3 A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes in RoutingConfiguration on " /routing.asp ".
nvd
Optilinknetwork Op-Xt71000N Firmware vulnerabilities | cvebase