An attacker can send a request to inject arbitrary script code into the `/action/import_authorized_keys/` API, leading to information disclosure.

The `/system/user/password/` API is affected by a command injection vulnerability.

An attacker can send a request to inject arbitrary script code into the `/system/user/password/` API, leading to information disclosure.

The `/vms/` and `/vapps/` APIs are affected by a command injection vulnerability. An attacker can send a request to inject arbitrary script code into the `/vms/` and `/vapps/` APIs, leading to information disclosure.

An attacker can send a request to inject arbitrary script code into the `/license/` API, leading to information disclosure.

An attacker can send a request to inject arbitrary script code into the `/upgrade/` API, leading to information disclosure.

CVE-2019-13779: In Robustel R1510 3.1.16 and 3.3.0, the web server can be made to stop responding to HTTP requests by injecting `<iframe>` tags into the response stream. This can be used for a DoS attack.

The web server in Robustel R1510 3.1.16 and 3.3.0 is vulnerable to remote code execution due to its support for `cgi` and `fcgi` scripts. An attacker can send a

Vulnerabilities in Robustel R1510 3.1.16 and 3.3.0

An attacker can send a request to inject arbitrary script code into the `/action/import_authorized_keys/` API, leading to information disclosure. The `/system/user/password/` API is affected by a command injection vulnerability. An attacker can send a request to inject arbitrary script code into the `/system/user/password/` API, leading to information disclosure. The web server in Robustel R1510 3.1.16 and 3.3.0 is vulnerable to remote code execution due to its support for `cgi` and `fcgi` scripts.

Dependency issue

When Robustel R1510 3.1.16 and 3.3.0 is running in its default mode, `<iframe>` tags are not sanitized in the response stream. The only protection against exploitation of this issue is to prevent Robustel R1510 3.1.16 and 3.3.0 from running in its default mode (or to disable HTTP).

CVE-2020-53305: An attacker can send a request to inject arbitrary script code into the `/system/plugin/firefox/extension/` API, leading to information disclosure or remote code execution on the application server hosting Robustel R1510 3.2 and later versions. This applies to versions that have Firefox plugin support enabled and have insecure Firefox extensions installed on them by an attacker without prompting for permission.

Timeline

Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/26/2022 03:55:00 UTC

References