MidnightBSD

Advisories for axesstel

CVE-2017-11350 MEDIUM

Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
axesstel mu553s_firmware mu553s-v1.14
CVE-2017-11351 HIGH

Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
axesstel mu553s_firmware mu553s-v1.14
CVE-2017-13724 LOW

On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
axesstel mu553s_firmware mu553s-v1.14