Lucene search
K

30 matches found

OSV
OSV
added 2021/12/22 7:15 p.m.5 views

CVE-2021-21873

A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1CVSS7.5AI score0.02915EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/12/22 12:0 a.m.7 views

PT-2021-14807 · Lantronix · Lantronix Premierwave 2050

Name of the Vulnerable Software and Affected Versions: Lantronix PremierWave 2050 version 8.9.0.0R4 Description: A command injection issue exists in the Web Manager Diagnostics: Traceroute functionality, allowing arbitrary command execution via a specially-crafted HTTP request. An attacker can...

9.9CVSS9.6AI score0.06061EPSS
Exploits1References2
OSV
OSV
added 2019/10/31 9:15 p.m.4 views

CVE-2018-4064

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the...

7.1CVSS5.8AI score0.16106EPSS
Exploits3References1
OSV
OSV
added 2019/03/21 5:29 p.m.5 views

CVE-2017-16254

An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP...

8.1CVSS6.4AI score0.01223EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/01 3:0 a.m.29 views

CVE-2018-3949

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated...

7.5CVSS7.4AI score0.53297EPSS
Exploits1References1
Prion
Prion
added 2018/11/30 5:29 p.m.21 views

Denial of service

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticate...

5CVSS7.4AI score0.23061EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/08/24 12:0 a.m.18 views

Insteon Hub Buffer Overflow Vulnerability (CNVD-2018-16501)

The Insteon Hub is an Insteon central controller product from Insteon USA. This product can remotely control light bulbs, wall switches, air conditioners and more in your home. A buffer overflow vulnerability exists in the PubNub 'ad' channel message handler in the Insteon Hub using firmware...

8.5CVSS8.5AI score0.01081EPSS
Exploits2References1
CNVD
CNVD
added 2018/08/07 12:0 a.m.10 views

Insteon Hub Buffer Overflow Vulnerability (CNVD-2018-14860)

The Insteon Hub is an Insteon central controller product from Insteon USA. This product can remotely control light bulbs, wall switches, air conditioners and more in your home. A buffer overflow vulnerability exists in the Insteon Hub using firmware version 1012. An attacker could exploit the...

9.9CVSS8.7AI score0.01378EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2018/08/02 12:0 a.m.5 views

PT-2018-6268 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, at memory address 0x9d01bb1c, the value for the uri key is copied using strcpy to a buffer at...

9.9CVSS8.6AI score0.0136EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2018/08/02 12:0 a.m.7 views

PT-2018-6271 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, the value for the s vol dim delta key is copied using strcpy to a buffer at address 0xa000051...

9.9CVSS8.3AI score0.0136EPSS
Exploits2References3
Rows per page
Query Builder