1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) CVE-2018-10697, CVE-2018-10699 | Multiple parameters are susceptible to command injection |
2 | Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77) CVE-2018-10702 | Specified parameter is susceptible to command injection via shell metacharacters |
3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2018-10692 | Vulnerable to cross-site scripting attack to steal the cookie |
4 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) CVE-2018-10700 | Specified parameter is susceptible to XSS payload injection |
5 | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) CVE-2018-10693, CVE-2018-10695, CVE-2018-10701, and CVE-2018-10703 | Multiple parameters are susceptible to buffer overflow |
6 | Credentials Management (CWE-255) CVE-2018-10690 | The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server |
7 | Credentials Management (CWE-255) CVE-2018-10694 | The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default |
8 | Credentials Management (CWE-255) CVE-2018-10698 | The device enables an unencrypted TELNET service by default |
9 | Improper Access Control (CWE-284) CVE-2018-10691 | Vulnerable to unauthorized systemlog.log download |
10 | Cross-Site Request Forgery (CSRF) (CWE-352) CVE-2018-10696 | Web interface is not protected against CSRF attacks |