netis-systems

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.