Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.18 views

CVE-2020-27302

A stack buffer overflow in Realtek RTL8710 and other Ameba-based devices can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake...

8CVSS8.2AI score0.02009EPSS
Exploits1
CVE
CVE
added 2024/03/06 6:31 p.m.73 views

CVE-2024-27302

Go-zero (web/RPC framework) contains a CORS Filter vulnerability where isOriginAllowed uses strings.HasSuffix, enabling bypass by a malicious domain. This can break the CORS policy and allow a page to make requests or retrieve data on behalf of other users. The issue affects the configurable allo...

9.1CVSS9AI score0.00774EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/06 6:31 p.m.21 views

CVE-2024-27302 Authorization Bypass Through User-Controlled Key in go-zero

go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses strings.HasSuffix to check the origin, which leads to bypass via a malicious domain. This...

9.1CVSS6.6AI score0.00774EPSS
Exploits2References2
Circl
Circl
added 2024/03/02 2:42 a.m.5 views

CVE-2024-27302

creationtimestamp| type| source ---|---|--- 2024-03-02 02:42:11+00:00| published-proof-of-concept| https://github.com/zeromicro/go-zero/security/advisories/GHSA-fgxv-gw55-r5fq 2024-03-06 20:26:51+00:00| seen| https://t.me/ctinow/201761 2024-03-06 20:36:23+00:00| seen| https://t.me/ctinow/201782...

9.1CVSS7.3AI score0.00774EPSS
Exploits2References3
Circl
Circl
added 2021/06/05 12:13 p.m.4 views

CVE-2020-27302

creationtimestamp| type| source ---|---|--- 2021-06-05 12:13:47+00:00| seen| https://t.me/SecLabNews/10336...

8CVSS8.1AI score0.02009EPSS
Exploits1References1
CVE
CVE
added 2021/06/04 12:24 p.m.94 views

CVE-2020-27302

Realtek RTL8710 (and Ameba-based devices) are affected by a stack-based buffer overflow in the memcpy path during WPA2 4‑way handshake when processing a crafted Encrypted GTK value. This can enable remote code execution by an attacker in wireless range. The issue is documented as CVE-2020-27302; ...

8CVSS8.2AI score0.02009EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder