CVE-2020-29656

An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direct access to /downloadmaster/dmapply.cgi?actionmode=initial&downloadtype=General&specialcgi=getlanguage makes it possible to reach "unknown functionality" in a "known to be easy" manner via an...

Authentication flaw

An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes...

CVE-2020-26567

The CVE-2020-26567 issue affects D-Link DSR-250N devices (prior to version 3.17B). The CGI script upgradeStatusReboot.cgi can be accessed without authentication, and any access reboots the device, causing a DoS for several minutes. Publicly documented details come from multiple sources (Red Hat a...

D-Link DSR-250N Denial Of Service

Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script which reboots the device. Details ======= Product: D-Link DSR-250N...

D-Link DSR-250N 3.12 - Denial of Service (PoC)

Exploit Title: D-Link DSR-250N 3.12 - Denial of Service PoC Google Dork: N/A Author: RedTeam Pentesting GmbH Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://www.dlink.com Software Link:...

CVE-2020-13364

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0, V5.20ABAG.1C0, and V5.21ABAG.3C0; NSA325 v2V4.81AALS.0C0 and V4.81AAAJ.1C0; NSA310 4.22AFK.0C0 and...

CVE-2020-13364

A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21AASZ.4C0, V5.21AASZ.0C0, V5.11AASZ.3C0, and V5.11AASZ.0C0; NAS542 V5.11ABAG.0C0, V5.20ABAG.1C0, and V5.21ABAG.3C0; NSA325 v2V4.81AALS.0C0 and V4.81AAAJ.1C0; NSA310 4.22AFK.0C0 and...

Denial Of Service (DoS)

Python is vulnerable to denial of serviceDoS. Due to a flaw found in the way the Python CGIHTTPServer module processed certain HTTP GET requests, a remote attacker could use a specially-crafted request to obtain the CGI script's source code...

Arbitrary Command Execution

redhat-ds-admin is vulnerable to arbitrary command execution. The vulnerability exists as a shell command injection flaw was discovered in the Red Hat Administration Server replication monitor CGI script used by Red Hat Directory Server 8.0. An attacker with access to the replication monitor web...

Arbitrary Code Execution

cups is vulnerable to arbitrary code execution. The vulnerability exists as a heap buffer overflow flaw was found in a CUPS administration interface CGI script. A local attacker able to connect to the IPP port TCP port 631 could send a malicious request causing the script to crash or, potentially...

CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

Command injection

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

CVE-2019-16072

An OS command injection vulnerability in the discoverandmanage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ipaddress variable within an snmpbrowser action...

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

Integer overflow

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

CVE-2019-19945

uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large...

CVE-2016-5388

It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...

EulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1219)

According to the version of the pcre packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain...

D-Link DIR-825 and TRENDnet TEW-632BRP Command Injection Vulnerability (CNVD-2020-16100)

The D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit LAN/WAN router.The TRENDnet TEW-632BRP is a 300Mbps wireless home router. A command injection vulnerability exists in the D-Link DIR-825 and TRENDnet TEW-632BRP. A remote attacker can exploit this vulnerability to execute arbitrary commands...

CVE-2020-8126

A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user Privilege-1 to escalate privileges and became administrator Privilege-15...