Lucene search
K

49 matches found

BDU FSTEC
BDU FSTEC
added 2023/09/25 12:0 a.m.6 views

The vulnerability of the pcap_download_handler() function in D-Link DWL-6610AP wireless access points allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the pcapdownloadhandler function in D-Link DWL-6610AP wireless access points is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the updatedevice.packet-capture.tftp-file-name parameter. Exploiting this...

10CVSS7.7AI score0.0231EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/20 2:15 p.m.7 views

CVE-2023-43202

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...

9.8CVSS7.5AI score0.0231EPSS
Exploits1References2
NVD
NVD
added 2023/09/20 2:15 p.m.26 views

CVE-2023-43202

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...

9.8CVSS10AI score0.0231EPSS
Exploits1References1
Prion
Prion
added 2023/09/20 2:15 p.m.22 views

Command injection

D-LINK DWL-6610 FWv4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcapdownloadhandler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...

7.5CVSS9.9AI score0.0231EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/08/05 9:15 p.m.3 views

CVE-2023-4171

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be...

5.3CVSS5AI score0.00941EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.7 views

PT-2023-5382 · D Link · D-Link Dwl-6610Ap

Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610AP version FW v 4.3.0.8B003C Description: A command injection issue was found in the pcap download handler function, allowing attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter...

10CVSS8.4AI score0.0231EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.6 views

PT-2023-5383 · D Link · D-Link Dwl-6610Ap

Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610AP version 4.3.0.8B003C Description: A command injection issue was discovered in the web cert download handler function, allowing attackers to execute arbitrary commands via the certDownload parameter. This could potentially...

10CVSS8.4AI score0.02328EPSS
Exploits1References7
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...

6.5CVSS7AI score0.13751EPSS
Exploits1References1
CVE
CVE
added 2021/05/06 3:12 p.m.96 views

CVE-2021-28149

CVE-2021-28149 (Hongdian H8922 3.0.5) is a local file inclusion vulnerability in the device’s /log_download.cgi log export handler. The issue arises because user input is not validated, allowing a remote attacker with minimal privileges to download arbitrary files from the device by substituting ...

6.5CVSS6.7AI score0.13751EPSS
In wildExploits1References2Affected Software1
Rows per page
Query Builder