Greenpacket: >> Dx-350 Security Vulnerabilities
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-07-13
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-07-21
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-21
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-07-21
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.
CVSS Score
9.8
EPSS Score
0.044
Published
2017-07-21