GCVE - cpe:2.3:o:westermo:l206-f2g_firmware:4.24:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:westermo:l206-f2g_firmware:4.24:*:*:*:*:*:*:*

part: o version: 4.24 update: *

Vendor	Westermo (`f47ec0f3-f645-57e9-881c-edbca94542ff`)
Product	L206 F2G Firmware (`1db7f66f-1513-5370-a497-b2e43f6d1fee`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-45735`	vulnerable	2026-06-03 14:53:08.451139	Westermo Lynx Code Injection HIGH (8) A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device. Published: 2024-02-06T21:48:14.731Z Updated: 2024-08-19T20:23:15.940Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45227`	vulnerable	2026-06-03 14:53:07.818687	Westermo Lynx Cross-site Scripting MEDIUM (5.4) An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter. Published: 2024-02-06T21:22:36.141Z Updated: 2024-08-02T20:14:19.933Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45222`	vulnerable	2026-06-03 14:53:07.810521	Westermo Lynx Cross-site Scripting MEDIUM (5.4) An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter. Published: 2024-02-06T21:44:24.769Z Updated: 2024-08-02T20:14:19.991Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-45213`	vulnerable	2026-06-03 14:53:07.790041	Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains MEDIUM (6.6) A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. Published: 2024-02-06T21:39:36.259Z Updated: 2025-05-15T19:43:25.845Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-42765`	vulnerable	2026-06-03 14:52:54.072022	Westermo Lynx Cross-site Scripting MEDIUM (5.4) An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration. Published: 2024-02-06T21:34:09.540Z Updated: 2024-08-02T19:30:24.199Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40544`	vulnerable	2026-06-03 14:52:49.922481	Westermo Lynx Cleartext Transmission of Sensitive Information MEDIUM (5.7) An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. Published: 2024-02-06T21:27:00.798Z Updated: 2024-08-02T18:38:50.381Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40143`	vulnerable	2026-06-03 14:52:42.554345	Westermo Lynx MEDIUM (5.4) An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter. Published: 2024-02-06T21:51:51.093Z Updated: 2024-08-02T18:24:55.351Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-38579`	vulnerable	2026-06-03 14:52:31.613020	Westermo Lynx 206-F2G Cross-Site Request Forgery HIGH (8) The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally. Published: 2024-02-06T21:16:48.926Z Updated: 2024-11-07T20:33:42.806Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.