Filtered by vendor Twsz
Subscribe
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9232 | 1 Twsz | 2 Be126, Be126 Firmware | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. | |||||
| CVE-2017-8771 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code. | |||||
| CVE-2017-13713 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | |||||
| CVE-2017-8772 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not). | |||||
| CVE-2017-8770 | 1 Twsz | 2 Wifi Repeater, Wifi Repeater Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. | |||||