Lucene search
+L

379 matches found

Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.14 views

PT-2026-5764

The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...

8.9CVSS5.5AI score0.00206EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.17 views

PT-2026-5766

The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...

6.3CVSS5.6AI score0.00156EPSS
Exploits0References2
Fedora
Fedora
added 2026/01/16 5:53 p.m.10 views

[SECURITY] Fedora 42 Update: foomuuri-0.31-1.fc42

Foomuuri is a firewall generator for nftables based on the concept of zones. It is suitable for all systems from personal machines to corporate firewalls, and supports advanced features such as a rich rule language, IPv4/IPv6 rule splitting, dynamic DNS lookups, a D-Bus API and FirewallD emulatio...

7CVSS7AI score0.00171EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.8 views

CVE-2022-27002

Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddnsname, ddnspwd, hddns、ddnshost parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

10CVSS8.5AI score0.0612EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:41 a.m.11 views

CVE-1999-0184

When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...

6.4CVSS7AI score0.01909EPSS
Exploits0References1
NVD
NVD
added 2025/12/25 3:15 p.m.5 views

CVE-2025-15081

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

6.5CVSS0.02347EPSS
Exploits0References4
OSV
OSV
added 2025/12/09 4:17 p.m.4 views

CVE-2024-56836

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

8.8CVSS5.8AI score0.00405EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 10:44 a.m.12 views

CVE-2024-56836

The CVE-2024-56836 issue affects Siemens RUGGEDCOM ROX II devices (MX5000/MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) with versions before 2.17.0. According to connected documents, the vulnerability arises during Dynamic DNS configuration where additional con...

8.8CVSS8.9AI score0.00405EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/09 10:44 a.m.29 views

CVE-2024-56836

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

7.7CVSS0.00405EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.8 views

PT-2025-49827

Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX II versions prior to 2.17.0 Description A flaw exists in the RUGGEDCOM ROX II family that allows for the injection of additional configuration parameters during Dynamic DNS configuration. An attacker could potentially exploit thi...

8.8CVSS9.2AI score0.00405EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.7 views

Siemens RUGGEDCOM ROX II 命令注入漏洞

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from a command injection vulnerability that is caused by a flaw in the dynamic DNS configuration process. An attacker can exploit the vulnerability to execute...

8.8CVSS9.6AI score0.00405EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/23 12:0 a.m.7 views

D-Link DWR-M920和D-Link DIR-822K 缓冲区错误漏洞

The D-Link DWR-M920 and D-Link DIR-822K are both products of China-based AUO D-Link.The D-Link DWR-M920 is a router.The D-Link DIR-822K is a wireless router.The D-Link DWR-M920 and D-Link DIR-822K are both products of China-based AUO D-Link.The D-Link DWR-M920 and D-Link DIR-822K are wireless...

9CVSS8.8AI score0.00676EPSS
Exploits1References8
OSV
OSV
added 2025/11/21 6:19 p.m.5 views

RLSA-2025:21038 Important: kea security update

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

7.5CVSS6.8AI score0.00387EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/14 12:1 a.m.5 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

7.3CVSS8.5AI score0.0382EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/14 12:1 a.m.6 views

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

6.5CVSS8.2AI score0.03627EPSS
Exploits1References1
NVD
NVD
added 2025/11/13 6:15 p.m.5 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

7.3CVSS0.0382EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/13 12:0 a.m.3 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

8.1AI score0.0382EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/13 12:0 a.m.25 views

CVE-2025-60697

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...

0.0382EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/13 12:0 a.m.6 views

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

7.8AI score0.03627EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.5 views

D-Link DIR-878 安全漏洞

The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from the unvalidated ServerAddress and Hostname parameters in the SetDynamicDNSSettings function, which can lead to remote command...

6.5CVSS7.1AI score0.03627EPSS
Exploits1References5
Rows per page
Query Builder