418 matches found
CVE-2023-33684
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 Apr 19 2021 Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol...
CVE-2023-33626
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary...
CVE-2023-33625
D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbcsystem function...
CVE-2021-37471
Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...
CVE-2020-6204
The selection query in SAP Treasury and Risk Management Transaction Management EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104 returns more records than it should be when selecting and displaying the contract number, leading to Missing...
CVE-2019-15378
The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGARay600/ELUGARay600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the...
The vulnerability of the microprogrammed software of industrial routers SCALANCE M-800 and industrial switches SCALANCE SC-600, related to partial comparison, allows a intruder to influence the integrity of the protected information.
The vulnerability of the microprogrammed software of industrial routers SCALANCE M-800 and industrial switches SCALANCE SC-600 is related to a partial comparison. Exploiting this vulnerability could allow an attacker operating remotely to influence the integrity of the protected information...
Siemens SCALANCE M-800 and SC-600 Families Partial String Comparison (CVE-2025-23384)
A remote attacker needs to have access to a valid certificate in order to perform a successful attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
Siemens SCALANCE M-800 and SC-600 Families
SUMMARY SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific...
D-Link DIR-600 Multiple Vulnerabilities (2013 - 2024)
D-Link DIR-600 devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-22152
Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...
CVE-2025-22152
Atheos (self-hosted browser-based cloud IDE) contains path traversal/file-include style vulnerabilities in multiple PHP files where the $path and $target parameters are not properly validated prior to v600. This allows an attacker to read, modify, or execute arbitrary files on the server. The iss...
CVE-2025-22152 Improper Path Validation Enables Path Traversal in Multiple Components in Atheos
Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack...
D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an OS Command Injection vulnerability...
D-Link DIR-600 OS Command Injection Vulnerability
The D-Link DIR-600 is a wireless router from China's AUO D-Link. An operating system command injection vulnerability exists in the D-Link DIR-600 version 2.18 and earlier, which stems from the fact that manipulation of service parameters can lead to os command injection. No details of the...
CVE-2024-7357
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...
CVE-2024-7357
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...
CVE-2024-7357 D-Link DIR-600 soap.cgi soapcgi_main os command injection
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...
CVE-2024-7357 D-Link DIR-600 soap.cgi soapcgi_main os command injection
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgimain of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The...
CVE-2024-7357
CVE-2024-7357 affects D-Link DIR-600 firmware up to 2.18. The vulnerability is in the soap.cgi helper soapcgi_main function, where manipulation of the service argument leads to OS command injection. The attack can be remote and the exploit has been disclosed publicly. The product is end-of-life a...