Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sagemcom vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-6552
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service con...
Sagemcom Livebox Firmware 5.15.8.1
1 EDB exploit
5.3
CVSSv3
CVE-2020-29138
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.
Sagemcom F\\@st 3486 Router Firmware 4.109.0
9.8
CVSSv3
CVE-2021-3304
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.
Sagemcom F\\@st 3686 Firmware 3.495
6.1
CVSSv3
CVE-2020-21733
Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.
Sagemcom F\\@st 3686 Firmware 1.0 Hun 3.97.0
5.3
CVSSv3
CVE-2019-9555
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
Sagemcom F\\@st 5260 Firmware 0.4.39
8.8
CVSSv3
CVE-2020-24034
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, ...
Sagemcom F\\@st 5280 Router Firmware 1.150.61
8.8
CVSSv3
CVE-2019-19494
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote malicious user to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 befo...
Sagemcom F\\@st 3890 Firmware
Sagemcom F\\@st 3686 Firmware 3.428.0
Sagemcom F\\@st 3686 Firmware 4.83.0
Netgear Cg3700emr Firmware 2.01.03
Netgear Cg3700emr Firmware 2.01.05
Netgear C6250emr Firmware 2.01.03
Netgear C6250emr Firmware 2.01.05
Technicolor Tc7230 Steb Firmware 01.25
Compal 7284e Firmware 5.510.5.11
Compal 7486e Firmware 5.510.5.11
1 Article
NA
CVE-2019-95551
Sagemcom F@st 5260 routers on firmware version 0.4.39 (and possibly others), in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small.
NA
CVE-2020-240341
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values in...
NA
CVE-2013-5039
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote malicious users to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecur...
Hot Hotbox Router Firmware 2.1.11
Hot Hotbox Router -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »