MidnightBSD

Advisories for aigital

CVE-2023-30403

An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user.

Products Affected

Vendor Product Version
aigital wireless-n_repeater_mini_router_firmware 0.131229
CVE-2023-30404

Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.

Products Affected

Vendor Product Version
aigital wireless-n_repeater_mini_router_firmware 0.131229
CVE-2023-30405

A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup.

Products Affected

Vendor Product Version
aigital wireless-n_repeater_mini_router_firmware 0.131229