21 matches found
Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force change the admin password due to a hidden administrative command. id: CVE-2021-20158 info: name: Trendnet AC2600 TEW-827DRU 2.08B01 - Admin...
CVE-2017-20158
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The...
CVE-2025-20158
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access ...
CVE-2025-20158 Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access ...
CVE-2025-20158
CVE-2025-20158 affects Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series. The issue is in the debug shell which fails to validate user input, allowing an authenticated local attacker with valid SSH credentials to run a crafted SSH command against the CLI and potentially access information f...
Cisco Small Business Series Switches Buffer Overflow Vulnerabilities (cisco-sa-sg-web-multi-S9g4Nkgv)
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...
CVE-2023-20158
creationtimestamp | type | source
---|---|---
2023-05-18 07:32:00+00:00 | seen | https://t.me/cibsecurity/64363
2023-05-22 14:10:50+00:00 | seen | https://www.cert.at/de/warnungen/2023/5/kritische-sicherheitslucken-in-cisco-switches-exploit-code-offentlich-updates-teilweise-verfugbar
2023-05-30...
CVE-2023-20158
CVE-2023-20158 affects Cisco Small Business Series Switches web-based UI. The root cause is improper validation of requests to the web interface, allowing an unauthenticated, remote attacker to cause a DoS or execute code with root privileges on affected devices. Affected product families include...
SUSE CVE-2022-20158
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...
CVE-2017-20158
creationtimestamp | type | source
---|---|---
2022-12-31 14:15:19+00:00 | seen | https://t.me/cibsecurity/55674...
CVE-2017-20158 vova07 Yii2 FileAPI Widget UploadAction.php run cross site scripting
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The...
CVE-2017-20158
The CVE-2017-20158 entry concerns vova07 Yii2 FileAPI Widget up to 0.1.8. The vulnerability affects the run() function in actions/UploadAction.php, where manipulation of the file parameter enables a Cross-Site Scripting (XSS) vulnerability. It can be exploited remotely. A fix is available in vers...
CVE-2022-20158
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...
UBUNTU-CVE-2022-20158
In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID...
CVE-2022-20158
CVE-2022-20158 affects the Android kernel in the backing-dev.c component (bdi_put and bdi_unregister). The issue is a use-after-free leading to memory corruption, with the documented impact of local privilege escalation to SYSTEM level. Exploitation is described as local (AV:L, UI:N) with no user...
CVE-2021-20158
creationtimestamp | type | source
---|---|---
2021-12-31 00:34:49+00:00 | seen | https://t.me/cibsecurity/34787...
CVE-2021-20158
Trendnet AC2600 TEW-827DRU (firmware 2.08B01) contains an authentication bypass vulnerability via a hidden administrative command, allowing an unauthenticated attacker with network access to force a change of the admin password. Documented in multiple sources (NVD entry CVE-2021-20158 and Nuclei ...