MidnightBSD

Advisories for wayos

CVE-2022-41489

WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
wayos lq-08_firmware 22.03.17
wayos lq-04_firmware 22.03.17
wayos lq-09_firmware 22.03.17
wayos lq-06_firmware 22.03.17
wayos lq-07_firmware 22.03.17
wayos lq-05_firmware 22.03.17
CVE-2023-37793

WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp.

Products Affected

Vendor Product Version
wayos fbm-291w_firmware 19.09.11v
CVE-2023-37794

WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp.

Products Affected

Vendor Product Version
wayos fbm-291w_firmware 19.09.11v