Lucene search
K

16 matches found

OSV
OSV
added 2025/12/30 11:15 a.m.4 views

CVE-2025-15245

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

3.3CVSS5.4AI score0.00536EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/30 11:2 a.m.25 views

CVE-2025-15245 D-Link DCS-850L Firmware Update Service uploadfirmware path traversal

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

5.1CVSS0.00536EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/30 11:2 a.m.4 views

EUVD-2025-205771

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

5.1CVSS6AI score0.00536EPSS
Exploits1References7
CVE
CVE
added 2025/12/30 11:2 a.m.13 views

CVE-2025-15245

CVE-2025-15245 concerns D-Link DCS-850L firmware, version 1.02.09, in the Firmware Update Service’s uploadfirmware function. The issue is a path traversal caused by manipulating the DownloadFile argument. Exploitation requires local-network access, and public exploit code exists. The vulnerabilit...

5.1CVSS6.2AI score0.00536EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/30 11:2 a.m.4 views

CVE-2025-15245 D-Link DCS-850L Firmware Update Service uploadfirmware path traversal

A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and...

5.1CVSS6.2AI score0.00536EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-53922

Name of the Vulnerable Software and Affected Versions D-Link DCS-850L version 1.02.09 Description A flaw exists within the Firmware Update Service component, specifically in the uploadfirmware function. The issue stems from manipulating the DownloadFile argument, leading to a path traversal...

5.1CVSS6.1AI score0.00536EPSS
Exploits1References9
OSV
OSV
added 2025/12/18 5:15 p.m.6 views

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

7.2CVSS5.7AI score0.09358EPSS
Exploits1References5
NVD
NVD
added 2025/12/18 5:15 p.m.5 views

CVE-2025-14884

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

8.6CVSS0.09358EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/18 5:2 p.m.22 views

CVE-2025-14884 D-Link DIR-605 Firmware Update Service command injection

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

8.6CVSS0.09358EPSS
Exploits1References5
CVE
CVE
added 2025/12/18 5:2 p.m.12 views

CVE-2025-14884

The CVE-2025-14884 entry concerns a remote command-injection vulnerability in the Firmware Update Service of D-Link DIR-605 (version 202WWB03). The issue stems from a flaw in the firmware update component, allowing an attacker to inject commands over the network. The exploit is public, and affect...

8.6CVSS7AI score0.09358EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/18 5:2 p.m.4 views

CVE-2025-14884 D-Link DIR-605 Firmware Update Service command injection

A vulnerability was detected in D-Link DIR-605 202WWB03. Affected by this issue is some unknown functionality of the component Firmware Update Service. Performing manipulation results in command injection. The attack can be initiated remotely. The exploit is now public and may be used. This...

8.6CVSS6.8AI score0.09358EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52269

Name of the Vulnerable Software and Affected Versions D-Link DIR-605 version 202WWB03 Description A flaw exists in the Firmware Update Service component of the device, allowing for command injection. This issue can be exploited remotely. The exploit is publicly available. This vulnerability affec...

8.6CVSS6.9AI score0.09358EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

D-Link DIR-605 命令注入漏洞

The D-Link DIR-605 is a wireless router from China-based AUO D-Link. A command injection vulnerability exists in the D-Link DIR-605 version 202WWB03, which stems from a command injection in the firmware update service component...

8.6CVSS7.4AI score0.09358EPSS
Exploits1References5
OSV
OSV
added 2023/11/28 10:42 p.m.26 views

RLSA-2023:7189 Moderate: fwupd security update

The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

6.5CVSS6.3AI score0.00602EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/07/08 12:0 a.m.4 views

Samsung Tizen 输入验证错误漏洞

Samsung Tizen is an open source Linux kernel-based mobile operating system from South Korea's Samsung, available for devices including smartphones, tablets, smartwatches, netbooks, in-vehicle messaging and entertainment devices, and smart TVs. The input validation error vulnerability exists in...

9.8CVSS8.8AI score0.01641EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/08 12:0 a.m.3 views

SAMSUNG Tizen 安全漏洞

Samsung Tizen is an open-source Linux-based mobile operating system from Samsung, South Korea, for smartphones, tablets, smartwatches, netbooks, in-vehicle messaging and entertainment devices, and smart TVs. The code injection vulnerability in Samsung Tizen stems from an access control error...

10CVSS6AI score0.02352EPSS
Exploits0References1
Rows per page
Query Builder