121 matches found
CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
A vulnerability in the web configuration service of Delta Electronics DX-2100-L1-CN router firmware allows a hacker to execute arbitrary code.
The vulnerability in the web configuration service of Delta Electronics DX-2100-L1-CN router firmware exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SUSE CVE-2014-2914
fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt...
Delta Electronics DX-2100 Series cross-site scripting vulnerability
The Delta Electronics DX-2100 Series is a router from Delta Electronics China. A security vulnerability exists in Delta Electronics DX-2100-L1-CN version 1.5.0.10, which is caused by a security issue in the "net diagnosis" function in the Web Configuration Service, and can be exploited in the...
CVE-2023-22495
CVE-2023-22495 affects Izanami, a shared configuration service for microservices. In versions prior to 1.11.0, an attacker could bypass authentication when running the official Docker image because a hard-coded secret signs the JWT token, enabling compromise of another Izanami instance. The vulne...
CVE-2023-22495 Izanami is vulnerable to Authorization Bypass
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard-coded secret is used to sign the authentication token (JWT), an attacker cou...
CVE-2022-38393
A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.38649674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this...
CVE-2022-38105
An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.38649674-ge182230 router's configuration service. A specially-crafted network packet can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this...
ASUS RT-AX82U buffer error vulnerability
The ASUS RT-AX82U is a wireless router from Asus China. A buffer error vulnerability exists in ASUS RT-AX82U version 3.0.0.4.38649674-ge182230, which stems from an information disclosure vulnerability in the cm_processREQ_NC opcode of the router configuration service, where specially crafted networ...
PT-2023-13603 · Asus · Asus Rt-Ax82U
Name of the Vulnerable Software and Affected Versions: Asus RT-AX82U version 3.0.0.4.386 49674-ge182230 Description: A denial of service issue exists in the cfg_server cm_processConnDiagPktList opcode of the router's configuration service. This can be triggered by a specially-crafted network...
Asus RT-AX82U cfg_server cm_processConnDiagPktList denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1592: Asus RT-AX82U cfg_server cm_processConnDiagPktList denial of service vulnerability. January 10, 2023. CVE Number: CVE-2022-38393. SUMMARY: A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U...
PT-2023-13590 · Asus · Asus Rt-Ax82U
Name of the Vulnerable Software and Affected Versions: Asus RT-AX82U version 3.0.0.4.386 49674-ge182230 Description: An information disclosure issue exists in the cm_processREQ_NC opcode of the router's configuration service. A specially-crafted network packet can lead to a disclosure of sensitiv...
Joining new DDC to Multi-Zone CVAD Site fails
New DDC join process to a multi-zone CVAD site spread across different datacenters fails. This happens at the step when each service on the new DDC tries to register with Citrix Configuration service...
Apache Geode configuration request authorization vulnerability
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...
Microsoft Windows WLAN AutoConfig Service resource management error vulnerability
Microsoft Windows WLAN AutoConfig Service is a wireless network card configuration service for Microsoft Windows Vista and above. It contains a denial of service vulnerability. The vulnerability stems from a failure to properly handle incoming error messages, and can be exploited to cause a denial of service o...
CVE-2021-32003 Configuration service port remains open 10 minutes after reboot even when already provisioned
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware...
Secomea SiteManager security vulnerability
Secomea SiteManager is a software application from the Danish company Secomea. It provides a remote maintenance function for industrial equipment. A security vulnerability exists in Secomea SiteManager versions prior to 9.5, which stems from an unprotected credentials transfer vulnerability in th...