MidnightBSD

Advisories for free

CVE-2014-9382 MEDIUM

Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
free freebox_os 3.0.2
CVE-2014-9405 LOW

A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
free freebox_os 3.0.2
CVE-2020-24373 MEDIUM

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
free freebox_delta_firmware *
free freebox_pop_firmware *
free freebox_revolution_firmware *
free freebox_mini_firmware *
free freebox_one_firmware *
CVE-2020-24374 MEDIUM

A DNS rebinding vulnerability in Freebox v5 before 1.5.29.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
free freebox_hd_firmware *
CVE-2020-24375 MEDIUM

A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,

Products Affected

Vendor Product Version
free freebox_v5_firmware *
free freebox_server *
CVE-2020-24376 MEDIUM

A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
free freebox_delta_firmware *
free freebox_pop_firmware *
free freebox_revolution_firmware *
free freebox_mini_firmware *
free freebox_one_firmware *
CVE-2020-24377 MEDIUM

A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
free freebox_delta_firmware *
free freebox_pop_firmware *
free freebox_revolution_firmware *
free freebox_mini_firmware *
free freebox_one_firmware *