Microsemi: >> S350i Firmware >> 2.70.15 Security Vulnerabilities
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-01-11
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-01-11
Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-08
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-01-08