20 matches found
CVE-2026-35904
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...
T3 Technology CPE models 安全漏洞
T3 Technology CPE models are a series of 4G/5G customer premises equipment developed by the Thai company T3 Technology. There are security vulnerabilities in the T3 Technology CPE models version 1.0.07 and the T6825G version 1.0.03. These vulnerabilities stem from unrecorded debug CGI endpoints,...
T3 Technology CPE models 安全漏洞
T3 Technology CPE models are a series of 4G/5G customer premises equipment developed by the Thai company T3 Technology. The T3 Technology CPE models, including versions v1.0.07, T6825G v1.0.03, and T7281 v1.0.03, contain security vulnerabilities. These vulnerabilities stem from the hardcoded...
CVE-2026-35906
An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string...
PT-2026-46240
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via sending a crafted request to a vulnerable CGI component...
Jointelli 5G CPE 21H01 安全漏洞
The Jointelli 5G CPE 21H01 is a router from the Chinese company Jointelli. A security vulnerability exists in the Jointelli 5G CPE 21H01 JY21H01A3v1.36 version, which stems from the presence of OS command injection on multiple endpoints that could lead to the execution of arbitrary commands...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
The vulnerability of the DNSServer software’s microprogramming system in Wi-Fi amplifiers, subscriber terminals, DSL/Ethernet CPE routers allows a perpetrator to execute arbitrary commands.
The vulnerability of the DNSServer software, a microprogramming-based system for Wi-Fi amplifiers, subscriber terminals, Fiber ONTs, and DSL/Ethernet CPEs exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows an attacker operating remotely to...
The vulnerability of Zyxel CPE series network device microprogramming software lies in the use of rigidly encrypted login credentials, which allows attackers to execute arbitrary codes.
The vulnerability of Zyxel network device software of the CPE series is related to the use of rigidly encrypted login credentials. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using the default login credentials...
Arcadyan Meteor 2 CPE 安全漏洞
Arcadyan Meteor 2 CPE is a high-end home integrated access device from China Smart Arcadyan. A security vulnerability exists in the Arcadyan Meteor 2 CPE FG360 Firmware ETV version 2.10. An attacker can exploit the vulnerability to execute arbitrary code via a specially crafted request...
The vulnerabilities of microprogrammed software in Wi-Fi transceivers, Wi-Fi amplifiers, Fiber ONTs, DSL/Ethernet CPE routers allow attackers to cause service interruptions.
The vulnerability of microprogrammed software in Wi-Fi transceivers, Wi-Fi amplifiers, Fiber ONTs, and DSL/Ethernet CPE routers lies in the fact that the operation data is exposed beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2024-34210
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter...
TOTOLINK CPE CP450 安全漏洞
TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. The TOTOLINK CPE CP450 suffers from a buffer overflow...
PT-2024-21072 · Avsystem · Avsystem Unified Management Platform
Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: The issue is related to improper input validation, which can result in unauthenticated Customer Premises Equipment CPE devices storing arbitrarily large amounts of...
The vulnerability of the CPE WAN Management Protocol (TR-069) software implementation for centralized device management in the Zyxel Cloud network, enabled by SecuManager, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CPE WAN Management Protocol TR-069 software for centralized device management in the Zyxel Cloud environment is related to the use of strictly encrypted credentials during the processing of SSH keys. The exploit allows an attacker to gain unauthorized access to protected...
CVE-2017-6094
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...
The vulnerability of the add_pseudoheader function in the Dnsmasq DNS server allows a hacker to cause a service failure.
The vulnerability of the addpseudoheader function in the Dnsmasq DNS server arises from the loss of a significant number of bits in cases where parameters addmac, addcpeid, or addsubnet are specified. Exploiting this vulnerability allows a malicious actor to cause a service failure through a...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a standby Performance Routing Engine PRE to leak a small portion of memory on a targeted system, resulting in a denial of service DoS condition. The vulnerability is due to...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a Performance Routing Engine PRE crash on a targeted system, resulting in a denial of service DoS condition. The vulnerability is due to a race condition that may cause a...
Security Advisory: CBOS - Improving Resilience to DoS Attacks
-----BEGIN PGP SIGNED MESSAGE----- Cisco Security Advisory: CBOS - Improving Resilience to Denial-of-Service Attacks ========================================================================= Revision 1.0 For Public Release 2002 May 23 16:00 UTC+0000 -...