MidnightBSD

Advisories for multilaser

CVE-2021-31152 MEDIUM

Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
multilaser ac1200_re018_firmware v02.03.01.45_pt

CVE-2023-0658 MEDIUM

A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200, NVD-CWE-noinfo

Products Affected

Vendor Product Version
multilaser re170_firmware 2.1
multilaser re057_firmware 2.2
multilaser re170_firmware 2.2
multilaser re057_firmware 2.1

CVE-2023-36146

A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.

Products Affected

Vendor Product Version
multilaser re170_firmware 2.2.6733

CVE-2023-38944

An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application by modifying an HTTP header.

Products Affected

Vendor Product Version
multilaser re163v_firmware 12.03.01.10_pt
multilaser re160v_firmware 12.03.01.09_pt

CVE-2023-38945

Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allow attackers to bypass the access control and gain complete access to the application by supplying a crafted URL.

Products Affected

Vendor Product Version
multilaser re163v_firmware 12.03.01.08_pt
multilaser re160v_firmware 12.03.01.08_pt
multilaser re160_firmware 5.07.51_pt_mtl01
multilaser re160v_firmware 12.03.01.09_pt
multilaser re160_firmware 5.07.52_pt_mtl01

CVE-2023-38946

An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application by supplying a crafted cookie.

Products Affected

Vendor Product Version
multilaser re160_firmware 5.07.51_pt_mtl01
multilaser re160_firmware 5.07.52_pt_mtl01