MidnightBSD

Advisories for corega

CVE-2015-7792 HIGH

Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
corega cg-wlbargs_firmware *
CVE-2015-7793 MEDIUM

Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
corega cg-wlbaragm_firmware *
CVE-2015-7794 MEDIUM

Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
corega cg-wlncm4g_firmware *
CVE-2016-1158 MEDIUM

Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
corega cg-wlbargnl_firmware -
corega cg-wlbargmh_firmware -
CVE-2016-4822 MEDIUM

Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
corega cg-wlbargl_firmware -
CVE-2016-4823 HIGH

Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
corega cg-wlbaragm_firmware -
CVE-2016-4824 MEDIUM

The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
corega cg-wlr300gnv_firmware -
corega cg-wlr300gnv-w_firmware -
CVE-2016-7808 MEDIUM

Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
corega cg-wlbargnl_firmware -
corega cg-wlbaragm_firmware -
CVE-2016-7809 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
corega cg-wlr300nx_firmware *
CVE-2016-7810 LOW

Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
corega cg-wlr300nx_firmware *
CVE-2016-7811 MEDIUM

Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
corega cg-wlr300nx_firmware *
CVE-2017-10813 HIGH

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
corega wlr_300_nm_firmware *
CVE-2017-10814 HIGH

Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
corega wlr_300_nm_firmware *
CVE-2017-10852 HIGH

Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
corega cg-wgr_1200_firmware *
CVE-2017-10853 HIGH

Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
corega cg-wgr_1200_firmware *
CVE-2017-10854 MEDIUM

Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
corega cg-wgr_1200_firmware *