CVEDB API

Vulnerabilities

Vulnerable Software

Comtrend: Security Vulnerabilities

CVE-2018-8062

A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.

CVSS Score

5.4

EPSS Score

0.002

Published

2020-10-23

CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

CVSS Score

8.8

EPSS Score

0.652

Published

2020-03-05

CVE-2018-20388

Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

CVSS Score

9.8

EPSS Score

0.006

Published

2018-12-23

CVE-2010-0470

Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.

CVSS Score

4.3

EPSS Score

0.026

Published

2010-02-02

Page 1

Vulnerabilities

Vulnerable Software

Comtrend: Security Vulnerabilities

Products

Pricing

Contact Us