Vulnerabilities
Vulnerable Software
Netis-Systems:  >> Dl4343  Security Vulnerabilities
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-12-30
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-12-30
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-12-30
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-12-30
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-12-30
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-12-30
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-12-30


Contact Us

Shodan ® - All rights reserved