352 matches found
CVE-2023-2645
The CVE-2023-2645 entry affects USR-G806 (firmware 1.0.41) and is tied to the Web Management Page. The vulnerability arises from manipulating the username/password arguments with the input root, which leads to the use of a hard-coded password. This enables a remote attack as described in multiple...
CVE-2023-29778
GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread...
CVE-2023-29778
GL.iNET MT3000 4.1.0 Release 2 is documented as vulnerable to an OS Command Injection via the /usr/lib/oui-httpd/rpc/logread endpoint. The affected component is the logread handler in the oui-httpd path; CVSS v3.1 metrics indicate a critical impact (CRITICAL, 9.8) affecting confidentiality, integ...
openSUSE 15 Security Update : amanda (openSUSE-SU-2023:0069-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0069-1 advisory. - A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the...
CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...
libXpm security update
3.5.12-9 - Fix CVE-2022-46285: infinite loop on unclosed comments 2161800 - Fix CVE-2022-44617: runaway loop with width of 0 2161808 - Fix CVE-2022-4883: compression depends on /usr/local/bin:/usr/bin 2160238...
USR IOT 4G LTE Industrial Cellular VPN Router 信任管理问题漏洞
Jinan USR IOT Technology USR IOT 4G LTE Industrial Cellular VPN Router is an industrial-grade 4G wireless LTE router from Jinan USR IOT Technology China. A security vulnerability exists in the USR IOT 4G LTE Industrial Cellular VPN Router version 1.0.36, which originates from the inability to...
CVE-2022-29730
CVE-2022-29730 affects USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36. The issue is hard-coded credentials for the highest privileged account (USR user) with password www.usr.cn, which cannot be changed via normal device operation. This credential exposure enables full compromise of the de...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor
Exploit Title: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Exploit Author: LiquidWorm !/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com |...
CVE-2022-28571
D-link 882 DIR882A1FW130B06 was discovered to contain a command injection vulnerability in/usr/bin/cli...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor
!/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com | https://www.usriot.com Affected version: 1.0.36 USR-G800V2, USR-G806, USR-G807, USR-G808 1.2.7 USR-LG220-L Summary:...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Exploit
The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7. !/usr/bin/env python...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor
Summary USR-G806 is a industrial 4G wireless LTE router which provides a solution for users to connect own device to 4G network via WiFi interface or Ethernet interface. USR-G806 adopts high performance embedded CPU which can support 580MHz working frequency and can be widely used in Smart Grid,...
CVE-2022-24595
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...
CVE-2022-24595
CVE-2022-24595 affects Automotive Grade Linux Kooky Koi versions 11.0.0–11.0.5. The root cause is Incorrect Access Control in /usr/bin/afb-daemon. An attacker can exploit by sending a crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process, with no credentials or user...
bind security update
32:9.8.2-0.68.rc1.0.3.8 - Backport fix for CVE-2018-5741 Orabug: 33496185 32:9.8.2-0.68.rc1.0.2.8 - Backport possible assertion failure on DNAME processing CVE-2021-25215 32:9.8.2-0.68.rc1.0.1.8 - Backport the fix for buffer overflow CVE-2020-8625 Orabug: 32588749 32:9.8.2-0.68.rc1.8 - Fix...
CVE-2021-46547
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service DoS...
CVE-2021-46535
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service DoS...
CVE-2021-46535
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service DoS...
CVE-2021-46503
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x8664-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service DoS...