CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

skyworthdigital

rn510_firmware

3 known vulnerabilities · sorted by CVSS score

CVE-2021-25328

HIGH8.8

Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service (DoS) or possible code execution on the device.

skyworthdigital / rn510_firmware

Network

Published Apr 9, 2021

CVE-2021-25327

MEDIUM6.5

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS).

skyworthdigital / rn510_firmware

Network

Published Apr 9, 2021

CVE-2021-25326

MEDIUM5.4

Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed.

skyworthdigital / rn510_firmware

Network

Published Apr 9, 2021