379 matches found
PT-2026-5764
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the communication to perform a Man-in-the-Middle MitM attack, whi...
PT-2026-5766
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
[SECURITY] Fedora 42 Update: foomuuri-0.31-1.fc42
Foomuuri is a firewall generator for nftables based on the concept of zones. It is suitable for all systems from personal machines to corporate firewalls, and supports advanced features such as a rich rule language, IPv4/IPv6 rule splitting, dynamic DNS lookups, a D-Bus API and FirewallD emulatio...
CVE-2022-27002
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddnsname, ddnspwd, hddns、ddnshost parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-1999-0184
When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...
CVE-2025-15081
A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub4780 of the file /jdcapi. Such manipulation of the argument ddnsname leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...
CVE-2024-56836
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...
CVE-2024-56836
The CVE-2024-56836 issue affects Siemens RUGGEDCOM ROX II devices (MX5000/MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000) with versions before 2.17.0. According to connected documents, the vulnerability arises during Dynamic DNS configuration where additional con...
CVE-2024-56836
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...
PT-2025-49827
Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX II versions prior to 2.17.0 Description A flaw exists in the RUGGEDCOM ROX II family that allows for the injection of additional configuration parameters during Dynamic DNS configuration. An attacker could potentially exploit thi...
Siemens RUGGEDCOM ROX II 命令注入漏洞
Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from a command injection vulnerability that is caused by a flaw in the dynamic DNS configuration process. An attacker can exploit the vulnerability to execute...
D-Link DWR-M920和D-Link DIR-822K 缓冲区错误漏洞
The D-Link DWR-M920 and D-Link DIR-822K are both products of China-based AUO D-Link.The D-Link DWR-M920 is a router.The D-Link DIR-822K is a wireless router.The D-Link DWR-M920 and D-Link DIR-822K are both products of China-based AUO D-Link.The D-Link DWR-M920 and D-Link DIR-822K are wireless...
RLSA-2025:21038 Important: kea security update
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...
CVE-2025-60697
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...
CVE-2025-60672
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...
CVE-2025-60697
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...
CVE-2025-60697
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...
CVE-2025-60697
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub4438A4 function in prog.cgi stores user-supplied DDNS parameters ServerAddress and Hostname in NVRAM via nvramsafeset. These values are later retrieved in th...
CVE-2025-60672
An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...
D-Link DIR-878 安全漏洞
The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from the unvalidated ServerAddress and Hostname parameters in the SetDynamicDNSSettings function, which can lead to remote command...