Lucene search
K

352 matches found

CVE
CVE
added 2023/05/11 7:0 a.m.58 views

CVE-2023-2645

The CVE-2023-2645 entry affects USR-G806 (firmware 1.0.41) and is tied to the Web Management Page. The vulnerability arises from manipulating the username/password arguments with the input root, which leads to the use of a hard-coded password. This enables a remote attack as described in multiple...

10CVSS9.7AI score0.03152EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/05/02 8:15 p.m.24 views

CVE-2023-29778

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread...

9.8CVSS9.7AI score0.15876EPSS
Exploits1References1
CVE
CVE
added 2023/05/02 12:0 a.m.56 views

CVE-2023-29778

GL.iNET MT3000 4.1.0 Release 2 is documented as vulnerable to an OS Command Injection via the /usr/lib/oui-httpd/rpc/logread endpoint. The affected component is the logread handler in the oui-httpd path; CVSS v3.1 metrics indicate a critical impact (CRITICAL, 9.8) affecting confidentiality, integ...

9.8CVSS9.6AI score0.15876EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/15 12:0 a.m.28 views

openSUSE 15 Security Update : amanda (openSUSE-SU-2023:0069-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0069-1 advisory. - A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the...

6.7CVSS6.8AI score0.01246EPSS
Exploits3References7
UbuntuCve
UbuntuCve
added 2023/01/30 12:0 a.m.37 views

CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

6.7CVSS6.7AI score0.00526EPSS
Exploits1References5
Oracle linux
Oracle linux
added 2023/01/24 12:0 a.m.43 views

libXpm security update

3.5.12-9 - Fix CVE-2022-46285: infinite loop on unclosed comments 2161800 - Fix CVE-2022-44617: runaway loop with width of 0 2161808 - Fix CVE-2022-4883: compression depends on /usr/local/bin:/usr/bin 2160238...

8.8CVSS1.6AI score0.01273EPSS
Exploits2
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.6 views

USR IOT 4G LTE Industrial Cellular VPN Router 信任管理问题漏洞

Jinan USR IOT Technology USR IOT 4G LTE Industrial Cellular VPN Router is an industrial-grade 4G wireless LTE router from Jinan USR IOT Technology China. A security vulnerability exists in the USR IOT 4G LTE Industrial Cellular VPN Router version 1.0.36, which originates from the inability to...

10CVSS8.3AI score0.01654EPSS
Exploits2References3
CVE
CVE
added 2022/05/27 12:56 p.m.92 views

CVE-2022-29730

CVE-2022-29730 affects USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36. The issue is hard-coded credentials for the highest privileged account (USR user) with password www.usr.cn, which cannot be changed via normal device operation. This credential exposure enables full compromise of the de...

10CVSS9.5AI score0.01654EPSS
Exploits2References2Affected Software1
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.304 views

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor

Exploit Title: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Exploit Author: LiquidWorm !/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com |...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2022/05/02 12:35 p.m.21 views

CVE-2022-28571

D-link 882 DIR882A1FW130B06 was discovered to contain a command injection vulnerability in/usr/bin/cli...

10AI score0.05528EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2022/04/21 12:0 a.m.403 views

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor

!/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com | https://www.usriot.com Affected version: 1.0.36 USR-G800V2, USR-G806, USR-G807, USR-G808 1.2.7 USR-LG220-L Summary:...

0.6AI score
Exploits0
0day.today
0day.today
added 2022/04/21 12:0 a.m.398 views

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Exploit

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7. !/usr/bin/env python...

7AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2022/04/20 12:0 a.m.379 views

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor

Summary USR-G806 is a industrial 4G wireless LTE router which provides a solution for users to connect own device to 4G network via WiFi interface or Ethernet interface. USR-G806 adopts high performance embedded CPU which can support 580MHz working frequency and can be widely used in Smart Grid,...

10CVSS7.3AI score0.01654EPSS
Exploits2
Cvelist
Cvelist
added 2022/03/18 11:16 a.m.16 views

CVE-2022-24595

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...

9.6AI score0.01953EPSS
Exploits1References1
CVE
CVE
added 2022/03/18 11:16 a.m.119 views

CVE-2022-24595

CVE-2022-24595 affects Automotive Grade Linux Kooky Koi versions 11.0.0–11.0.5. The root cause is Incorrect Access Control in /usr/bin/afb-daemon. An attacker can exploit by sending a crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process, with no credentials or user...

9.8CVSS9.2AI score0.01953EPSS
Exploits1References1Affected Software1
Oracle linux
Oracle linux
added 2022/02/03 12:0 a.m.199 views

bind security update

32:9.8.2-0.68.rc1.0.3.8 - Backport fix for CVE-2018-5741 Orabug: 33496185 32:9.8.2-0.68.rc1.0.2.8 - Backport possible assertion failure on DNAME processing CVE-2021-25215 32:9.8.2-0.68.rc1.0.1.8 - Backport the fix for buffer overflow CVE-2020-8625 Orabug: 32588749 32:9.8.2-0.68.rc1.8 - Fix...

10CVSS7.3AI score0.95182EPSS
Exploits60
NVD
NVD
added 2022/01/27 9:15 p.m.16 views

CVE-2021-46547

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS0.00614EPSS
Exploits1References1
NVD
NVD
added 2022/01/27 9:15 p.m.20 views

CVE-2021-46535

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS0.00614EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/01/27 9:15 p.m.8 views

CVE-2021-46535

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS5.9AI score0.00614EPSS
Exploits1References2
NVD
NVD
added 2022/01/27 9:15 p.m.23 views

CVE-2021-46503

Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x8664-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service DoS...

5.5CVSS0.00638EPSS
Exploits1References1
Rows per page
Query Builder