Cisco is warning users this week that several of its products — routers, gateways, and data center platforms — suffer from vulnerabilities.

The company published five advisories across Monday and Tuesday warning of the issues — all which are being marked “medium” severity.

While they all sound pressing, the most concerning vulnerability, at least as far as CVSS scores go, is an access vulnerability (6.5) in the web interface of its Prime Service Catalog. A catalog is a cloud computing service request catalog of sorts that the company produces for data centers. Some webpages that correspond to the catalog are missing access controls, meaning that if an attacker knew the URLs of the site, he could enter them into a browser, access the pages directly, and submit a configuration change to the targeted system.

Two different wireless residential gateways the company makes are vulnerable to bugs as well.

One Gateway, EPC3928 suffers from what the Cisco calls “insufficient input validation of user-supplied value and a lack of encoding of user-supplied data,” something that opens it up to cross-site scripting (XSS) attacks. The Gateway also lacks a level of authentication that’s required to carry out some administrative functions. This means that an attacker could send a rigged HTTP request to the Gateway that could allow him to execute some admin functions without authentication.

An issue in another Gateway, DPQ3925, could lead to a cross-site request forgery (CSRF) attack, the company claims. If an attacker convinced a user to follow a malicious link, they could potentially submit arbitrary requests to the device via the web browser with the privileges of that user.

Lastly, a vulnerability in the web interface of a router Cisco manufactures, DPC3939.Improper user input validation in the router could allow an attacker to exploit the bug and execute arbitrary commands on the system.

Cisco is warning customers there are no updates or workarounds for any of the vulnerabilities but also adds that it’s not aware of anyone leveraging the vulnerabilities to carry out malicious attacks on systems.