Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for dl4343_firmware by netis-systems
CVE-2019-20076 (GCVE-0-2019-20076)
Vulnerability from nvd – Published: 2019-12-29 23:28 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:28:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj"
},
{
"name": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20076",
"datePublished": "2019-12-29T23:28:52.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20075 (GCVE-0-2019-20075)
Vulnerability from nvd – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI"
},
{
"name": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20075",
"datePublished": "2019-12-29T23:29:02.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20074 (GCVE-0-2019-20074)
Vulnerability from nvd – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20074",
"datePublished": "2019-12-29T23:29:12.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20073 (GCVE-0-2019-20073)
Vulnerability from nvd – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw"
},
{
"name": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20073",
"datePublished": "2019-12-29T23:29:24.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20072 (GCVE-0-2019-20072)
Vulnerability from nvd – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7"
},
{
"name": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20072",
"datePublished": "2019-12-29T23:29:43.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20071 (GCVE-0-2019-20071)
Vulnerability from nvd – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc"
},
{
"name": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20071",
"datePublished": "2019-12-29T23:29:53.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20070 (GCVE-0-2019-20070)
Vulnerability from nvd – Published: 2019-12-29 23:30 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:30:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf"
},
{
"name": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20070",
"datePublished": "2019-12-29T23:30:04.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20070 (GCVE-0-2019-20070)
Vulnerability from cvelistv5 – Published: 2019-12-29 23:30 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:30:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1vIHv-UY0QLdnxDi-RW1hQHrdcuho0HRf"
},
{
"name": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-netis-dl4323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20070",
"datePublished": "2019-12-29T23:30:04.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20071 (GCVE-0-2019-20071)
Vulnerability from cvelistv5 – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc"
},
{
"name": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20071",
"datePublished": "2019-12-29T23:29:53.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20072 (GCVE-0-2019-20072)
Vulnerability from cvelistv5 – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1VPEX136-JaVDeY0JgQTqRNdMTPOhfEN7"
},
{
"name": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-hostname-input.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20072",
"datePublished": "2019-12-29T23:29:43.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20073 (GCVE-0-2019-20073)
Vulnerability from cvelistv5 – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1puObYuPWktesaVW1SO8uvSr1g4SnAtAw"
},
{
"name": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-netisdl4323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20073",
"datePublished": "2019-12-29T23:29:24.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20074 (GCVE-0-2019-20074)
Vulnerability from cvelistv5 – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1MH6DMhP1JsV_RptGXDze0Vo9MDuCH9se"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/clear-text-password-netis-dl4323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20074",
"datePublished": "2019-12-29T23:29:12.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20075 (GCVE-0-2019-20075)
Vulnerability from cvelistv5 – Published: 2019-12-29 23:29 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:29:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1SqUHaTn_dVsGv-YtvAqPOXG1Z9APk0eI"
},
{
"name": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1795_joGaL3QXMFeJoJPiNgB_d913XePx"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/xss-vulnerability-on-ping6.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20075",
"datePublished": "2019-12-29T23:29:02.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20076 (GCVE-0-2019-20076)
Vulnerability from cvelistv5 – Published: 2019-12-29 23:28 – Updated: 2024-08-05 02:32
VLAI?
Summary
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-29T23:28:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1i5gIrJRy5L7lTIsYZp9GsvR8ZGCWtnMj"
},
{
"name": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80",
"refsource": "MISC",
"url": "https://drive.google.com/open?id=1HrYqVKlSxhQqB5tNhhLIgpyfi0Y2ZL80"
},
{
"name": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html",
"refsource": "MISC",
"url": "https://fatihhcelik.blogspot.com/2019/12/stored-xss-on-username-input-2-netis.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20076",
"datePublished": "2019-12-29T23:28:52.000Z",
"dateReserved": "2019-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:10.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}