
69 matches found

Prion
added 2024/01/10 1:15 p.m. · 9 views

Design/Logic Flaw

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...

CVSS 7.5 · AI score 7.9 · EPSS 0.01741
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/01/10 1:10 p.m. · 34 views

CVE-2023-48266

CVE-2023-48266 affects Bosch Nexo devices (notably NEXO-OS) and is described across sources as an unauthenticated, remote DoS vector with potential RCE via a crafted network request. The root cause is a stack-based buffer overflow in NEXO-OS. Exploitation status is not detailed in the provided do...

CVSS 9.8 · AI score 9.4 · EPSS 0.01741
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/01/10 1:09 p.m. · 36 views

CVE-2023-48264

CVE-2023-48264 affects the Bosch Nexo cordless nutrunner family. Connected sources describe an unauthenticated remote attacker exploiting a stack-buffer overflow via a crafted network request, causing DoS and potentially remote code execution. The issue is tied to Bosch’s Nexo line (including...

CVSS 9.8 · AI score 9.4 · EPSS 0.01741
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/01/10 1:09 p.m. · 10 views

CVE-2023-48264

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...

CVSS 8.1 · AI score 9.8 · EPSS 0.01741
Exploits: 0 · References: 1

Cvelist
added 2024/01/10 1:08 p.m. · 12 views

CVE-2023-48262

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...

CVSS 8.1 · AI score 9.8 · EPSS 0.01741
Exploits: 0 · References: 1

Positive Technologies
added 2024/01/08 12:00 a.m. · 2 views

PT-2024-1185 · Bosch · Bosch Nexo Cordless Nutrunner +2

Name of the Vulnerable Software and Affected Versions: Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner (affected versions not specified). Description: The issue is related to a buffer overflow in the stack of the NEXO-OS operating system. It allows an unauthenticated remote...

CVSS 10 · AI score 9.9 · EPSS 0.01741
Exploits: 0 · References: 6

OSV
added 2023/10/11 4:15 p.m. · 0 views

CVE-2023-35056

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the nextpage parameter in the...

CVSS 9.8 · AI score 7.6
Exploits: 0 · References: 2

OSV
added 2023/10/11 4:15 p.m. · 0 views

CVE-2023-32645

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8 · AI score 7.4 · EPSS 0.00063
Exploits: 0 · References: 2

OSV
added 2023/10/11 4:15 p.m. · 1 views

CVE-2023-35055

A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the nextpage parameter in the...

CVSS 9.8 · AI score 6
Exploits: 0 · References: 2

OSV
added 2023/10/11 4:15 p.m. · 0 views

CVE-2023-34426

A stack-based buffer overflow vulnerability exists in the httpd managerequest functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8 · AI score 6.3
Exploits: 0 · References: 2

OSV
added 2023/10/11 4:15 p.m. · 1 views

CVE-2023-31272

A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8 · AI score 7.9
Exploits: 0 · References: 2

Cvelist
added 2023/10/11 3:14 p.m. · 26 views

CVE-2023-24479

An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8 · AI score 10 · EPSS 0.00078
Exploits: 0 · References: 1

CNNVD
added 2023/10/11 12:00 a.m. · 1 views

Yifan YF325 Buffer Error Vulnerability

Yifan YF325 is a wireless router from Yifan. A security vulnerability exists in Yifan YF325 v1.020221108, which stems from a specially crafted network request that could result in a stack-based buffer overflow...

CVSS 9.8 · AI score 7.2 · EPSS 0.00318
Exploits: 0 · References: 3

OSV
added 2023/07/06 3:15 p.m. · 1 views

CVE-2023-22844

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 2

Prion
added 2023/07/06 3:15 p.m. · 16 views

SQL injection

An SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 7.5 · AI score 9.5 · EPSS 0.00026
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/07/06 2:53 p.m. · 10 views

CVE-2023-22319

An SQL injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 7.3 · AI score 7.2 · EPSS 0.00026
Exploits: 1 · References: 1

Talos
added 2023/07/06 12:00 a.m. · 37 views

Milesight UR32L eventcore access violation vulnerability

Talos Vulnerability Report TALOS-2023-1696: Milesight UR32L eventcore access violation vulnerability. July 6, 2023. CVE Number: CVE-2023-23571. Summary: An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to...

CVSS 7.5 · AI score 7.7 · EPSS 0.00124
Exploits: 1

SUSE CVE
added 2023/02/15 3:28 a.m. · 1 views

SUSE CVE-2022-23712

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request...

CVSS 7.5 · AI score 7.5 · EPSS 0.03234
Exploits: 0 · References: 3

CNVD
added 2023/01/30 12:00 a.m. · 21 views

Siretta QUARTZ-GOLD OS Command Injection Vulnerability

Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta. The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution via a crafted network request...

CVSS 9.8 · AI score 5.1 · EPSS 0.03845
Exploits: 0 · References: 1

CNNVD
added 2023/01/26 12:00 a.m. · 1 views

Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability

Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta. The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution by sending a crafted network reque...

CVSS 9.8 · AI score 7.7 · EPSS 0.03845
Exploits: 0 · References: 3