comtrend CVE Vulnerabilities & CVE List (4)

Products (CPE): — CVEs: 4

comtrend vulnerability overview

Aggregates CVE and security vulnerability intelligence across all comtrend-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk cross-site scripting and vendor risk command injection, with potential vendor impact session compromise across vendor surface production workloads use cases.

Vulnerability distribution trend (last 24 months)

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2018-8062 A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. [email protected] 5.4 0.18% 2020-10-23 2024-11-21
CVE-2020-10173 Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. [email protected] 8.8 56.12% 2020-03-05 2024-11-21
CVE-2018-20388 Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. [email protected] 9.8 0.64% 2018-12-23 2024-11-21
CVE-2010-0470 Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter. [email protected] 4.3 2.45% 2010-02-02 2026-04-29
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence