Aggregates CVE and security vulnerability intelligence across all prolink-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk command injection and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-36708 | In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in the login.cgi binary allows an attacker to reset the password to the administrative interface of the router. | [email protected] | 7.5 | 0.29% | 2021-08-06 | 2024-11-21 |
| CVE-2021-36707 | In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. | [email protected] | 9.8 | 13.08% | 2021-08-06 | 2024-11-21 |
| CVE-2021-36706 | In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system. | [email protected] | 9.8 | 13.08% | 2021-08-06 | 2024-11-21 |
| CVE-2021-36705 | In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the adm.cgi binary, accessible with a page parameter value of TR069 contains a trivial command injection where the value of the TR069_local_port parameter is passed directly to system. | [email protected] | 9.8 | 13.08% | 2021-08-06 | 2024-11-21 |