← Back

Greenpacket

greenpacket

8 CVEs • 10 products

Products (10)

Click to collapse
Toggle
Dx 350 Firmware
dx-350_firmware
5 CVEs
Ox350 Firmware
ox350_firmware
1 CVE
Dv 360 Firmware
dv-360_firmware
1 CVE
Wr 1200 Firmware
wr-1200_firmware
1 CVE
Ot 235 Firmware
ot-235_firmware
1 CVE
Ox350
ox350
0 CVEs
Dx 350
dx-350
0 CVEs
Dv 360
dv-360
0 CVEs
Wr 1200
wr-1200
0 CVEs
Ot 235
ot-235
0 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-26866
1Greenpacket
2Ot 235 Firmware
Wr 1200 Firmware
Feb 13, 2025
Apr 4, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution...Show more
GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.Show less
CVE-2018-14067
1Greenpacket
1Dv 360 Firmware
Nov 21, 2024
Dec 31, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (incl...Show more
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.Show less
CVE-2016-6552
1Greenpacket
1Dx 350 Firmware
Nov 21, 2024
Jul 13, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.
CVE-2017-9980
1Greenpacket
1Dx 350 Firmware
May 13, 2026
Jul 21, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.
CVE-2017-9932
1Greenpacket
1Dx 350 Firmware
May 13, 2026
Jul 21, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.
CVE-2017-9931
1Greenpacket
1Dx 350 Firmware
May 13, 2026
Jul 21, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.
CVE-2017-9930
1Greenpacket
1Dx 350 Firmware
May 13, 2026
Jul 21, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
CVE-2017-3216
5Greenpacket
HuaweiMada+2 more
14Bm2022 Firmware
Hes 309m FirmwareHes 319m2w Firmware+11 more
May 13, 2026
Jun 20, 2017
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by perform...Show more
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.Show less