Evenroute Iqrouter Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Evenroute Iqrouter Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-11963 — CVSS 9.8 (critical): IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell…
CVE-2020-11965 — CVSS 9.8 (critical): In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The…
CVE-2020-11966 — CVSS 9.8 (critical): In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password…
CVE-2020-11967 — CVSS 9.8 (critical): In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access…
CVE-2020-11964 — CVSS 7.5 (high): In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password…
CVE-2020-11968 — CVSS 7.5 (high): In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor…