MidnightBSD

Advisories for digisol

CVE-2017-6127 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
digisol dg-hr1400_firmware 1.00.02
CVE-2017-6896 MEDIUM

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-565,

Products Affected

Vendor Product Version
digisol dg-hr1400_router_firmware 1.00.02
CVE-2018-12705 MEDIUM

DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
digisol dg-br4000ng_firmware *
CVE-2018-12706 HIGH

DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digisol dg-br4000ng_firmware *
CVE-2018-12715 MEDIUM

DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
digisol dg-hr3400_firmware -
CVE-2018-14027 MEDIUM

Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
digisol dg-hr-3300_firmware -
CVE-2020-35262 MEDIUM

Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
digisol dg-hr3400_firmware -