| 1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) CVE-2018-10697, CVE-2018-10699 | Multiple parameters are susceptible to command injection |
| 2 | Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) CVE-2018-10702 | Specified parameter is susceptible to command injection via shell metacharacters |
| 3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2018-10692 | Vulnerable to a cross-site scripting attack that steals the cookie |
| 4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2018-10700 | Specified parameter is susceptible to XSS payload injection |
| 5 | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) CVE-2018-10693, CVE-2018-10695, CVE-2018-10701, and CVE-2018-10703 | Multiple parameters are susceptible to buffer overflow |
| 6 | Credentials Management (CWE-255) CVE-2018-10690 | The device allows HTTP traffic by default, thus providing an insecure communication mechanism for a user connecting to the web server |
| 7 | Credentials Management (CWE-255) CVE-2018-10694 | The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default |
| 8 | Credentials Management (CWE-255) CVE-2018-10698 | The device enables an unencrypted TELNET service by default |
| 9 | Improper Access Control (CWE-284) CVE-2018-10691 | Vulnerable to unauthorized systemlog.log download |
| 10 | Cross-Site Request Forgery (CSRF) (CWE-352) CVE-2018-10696 | Web interface is not protected against CSRF attacks |