Aggregates CVE and security vulnerability intelligence across all multilaser-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk csrf, and vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-38946 | An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie. | [email protected] | 8.8 | 0.04% | 2024-03-06 | 2025-01-07 |
| CVE-2023-38945 | Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL. | [email protected] | 9.8 | 0.04% | 2024-03-06 | 2025-11-04 |
| CVE-2023-38944 | An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header. | [email protected] | 9.8 | 0.18% | 2024-03-06 | 2025-11-04 |
| CVE-2023-36146 | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. | [email protected] | 5.4 | 0.15% | 2023-06-30 | 2024-11-21 |
| CVE-2023-0658 | A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. | [email protected] | 5.3 | 0.29% | 2023-02-03 | 2024-11-21 |
| CVE-2021-31152 | Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. | [email protected] | 8.8 | 0.83% | 2021-04-14 | 2024-11-21 |