Swisscom: >> Centro Grande Firmware >> 6.14.00 Security Vulnerabilities
Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection.
CVSS Score
7.2
EPSS Score
0.106
Published
2020-03-16
Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-03-16
Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-03-16