RSS   Vulnerabilities for 'Helios glinq'   RSS

2020-09-23
 
CVE-2020-5783

CWE-352
 

 
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.

 
 
CVE-2020-5782

CWE-20
 

 
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the �??wan_type�?? parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection.

 
 
CVE-2020-5781

CWE-79
 

 
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.

 


Copyright 2024, cxsecurity.com

 

Back to Top