Lucene search

624 matches found

Prion
added 2020/04/02 10:15 p.m. | 11 views

Command injection

umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization...

7.5 CVSS | 9.4 AI score | 0.01744 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/04/02 9:33 p.m. | 23 views

CVE-2020-7628

umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization...

9.6 AI score | 0.01744 EPSS
Exploits 0 | References 1
CNVD
added 2020/03/06 12:0 a.m. | 2 views

Comtrend VR-3033 Command Injection Vulnerability

The Comtrend VR-3033 is a high power 802.11n 300Mbps single line VDSL router. The Comtrend VR-3033 DE11-416SSG-C01R02.A2pvI042j1.d26m suffers from a command injection vulnerability. A remote authenticated attacker could exploit this vulnerability via the ping and traceroute diagnostic pages to ta...

9 CVSS | 7.4 AI score | 0.77282 EPSS
Exploits 3 | References 1
NVD
added 2020/03/04 7:15 p.m. | 21 views

CVE-2020-9477

An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker...

9.8 CVSS | 9.7 AI score | 0.01258 EPSS
Exploits 0 | References 2
Cvelist
added 2020/03/04 6:16 p.m. | 23 views

CVE-2020-9477

An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker...

9.7 AI score | 0.01258 EPSS
Exploits 0 | References 2
CNVD
added 2020/03/04 12:0 a.m. | 2 views

Buffer Overflow Vulnerability in Tenda Routers

Tenda AC6 is a 1200M 11ac dual-band wireless router built for home users who are upgrading their broadband and updating their routing. Tenda AC15 is a 1900M wireless router. Tenda AC18 is a wireless router product. Tenda routers have a buffer overflow vulnerability that can be exploited by an...

7.6 AI score
Exploits 0
Prion
added 2020/02/25 4:15 p.m. | 28 views

Command injection

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker ca...

9 CVSS | 7.2 AI score | 0.06892 EPSS
Exploits 1 | References 1 | Affected Software 1
CVE
added 2020/02/25 3:28 p.m. | 73 views

CVE-2019-5142

CVE-2019-5142 affects the Moxa AWK-3131A Series (firmware v1.13). The vulnerability is an OS command injection in the WAP hostname handling: a specially crafted entry to network configuration information can cause arbitrary system commands to execute, giving an attacker full control of the device...

9 CVSS | 7.1 AI score | 0.06892 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/02/25 3:28 p.m. | 24 views

CVE-2019-5142

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker ca...

7.2 CVSS | 7.1 AI score | 0.06892 EPSS
Exploits 1 | References 1
OSV
added 2020/02/19 8:15 p.m. | 2 views

CVE-2019-1950

A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to ...

8.4 CVSS | 7.2 AI score
Exploits 0 | References 1
BDU FSTEC
added 2020/01/29 12:0 a.m. | 2 views

The vulnerability of Cisco IOS XE SD-WAN software, related to errors in managing registration data, allows a hacker to gain full control over the device.

The vulnerability of Cisco IOS XE SD-WAN software is related to errors in managing registration data. Exploiting this vulnerability can allow an attacker to gain full control over the device...

8.4 CVSS | 7.5 AI score | 0.00333 EPSS
Exploits 0 | References 2 | Affected Software 1
Prion
added 2020/01/27 6:15 p.m. | 15 views

Design/Logic Flaw

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

9 CVSS | 8.9 AI score | 0.25135 EPSS
Exploits 3 | References 4 | Affected Software 8
Vulnrichment
added 2020/01/27 5:3 p.m. | 10 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

7.5 AI score | 0.25135 EPSS
Exploits 3 | References 5
RedHat Linux
added 2020/01/14 3:56 p.m. | 5 views

Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...

8.1 CVSS | 7 AI score | 0.16523 EPSS
Exploits 2 | References 4
RedhatCVE
added 2020/01/07 9:41 a.m. | 59 views

CVE-2019-6974

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...

8.1 CVSS | 1.8 AI score | 0.16523 EPSS
Exploits 2 | References 2
RedhatCVE
added 2019/11/21 11:37 a.m. | 30 views

CVE-2019-19051

A flaw was found in the way the Linux kernel's WiMAX i2400 driver handled memory release in certain error codes path in the RF kill switch control function. A local attacker able to control the device could use this flaw to crash the system. Mitigation: As the i2400m module will be auto-loaded whe...

5.5 CVSS | 0.00585 EPSS
Exploits 0 | References 3
Cvelist
added 2019/11/14 4:24 p.m. | 18 views

CVE-2019-15344

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...

8 AI score | 0.01066 EPSS
Exploits 0 | References 1
RedHat Linux
added 2019/11/12 8:51 p.m. | 2 views

hw: Intel GPU Denial Of Service while accessing MMIO in lower power state

A flaw was found in Intel graphics hardware GPU where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected display...

5.5 CVSS | 7.2 AI score | 0.00646 EPSS
Exploits 0 | References 6
RedHat Linux
added 2019/11/12 8:49 p.m. | 5 views

hw: Intel GPU Denial Of Service while accessing MMIO in lower power state

A flaw was found in Intel graphics hardware GPU where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected display...

5.5 CVSS | 7.2 AI score | 0.00646 EPSS
Exploits 0 | References 6
CNVD
added 2019/11/11 12:0 a.m. | 1 views

Communication Key Leakage Vulnerability in Jingdong Xiaojingyu Intelligent Platform

The Little Jingyu Intelligent Platform integrates the original Jingdong Alpha Platform and introduces Jingdong's artificial intelligence and big data capabilities, which not only focuses on the original smart hardware, smart home, and smart travel solutions, but also expands its IoT capabilities ...

7.1 AI score
Exploits 0