CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

CVE-2021-34543

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with...

CVE-2020-16208

The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W all versions...

CVE-2020-13620

Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration...

CVE-2010-2843

Cisco Wireless LAN Controller WLC software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and...

CVE-2013-4729

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...

CVE-2013-4613

The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has...

CVE-2019-8125

A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution...

CVE-2019-6685

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution...

CVE-2018-1000106

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...

CVE-2010-3033

Cisco Wireless LAN Controller WLC software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and...

CVE-2010-2842

Cisco Wireless LAN Controller WLC software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and...

CVE-2015-8482

Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disable the agent via unspecified vectors...

CVE-2005-2914

ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the...

CVE-2003-0941

web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa...

CVE-2005-2916

Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to 1 modify configuration using restore.cgi or 2 upload new firmware using upgrade.cgi...

CVE-2002-2218

CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system SIPS before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value...

CVE-2025-40581

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions with SINEMA Remote Connect Edge Client installed. Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote...

Digi多款产品 安全漏洞

Digi PortServer TS and others are products of Digi Corporation.Digi PortServer TS is Digi One SP is an industrial-grade serial device server.Digi One IAP is an industrial automation protocol converter and intelligent serial server designed for PLC and SCADA systems. A security vulnerability exist...

CVE-2025-20972

Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration...