8515 matches found
PT-2023-4734 · Totolink · Totolink N200Re V5
Name of the Vulnerable Software and Affected Versions: TOTOLINK N200RE V5 version 9.3.5u.6437 B20230519 Description: The issue is related to the Validity check function in the TOTOLINK N200RE V5 router's firmware. It involves the use of uncontrolled format strings when processing the % symbol,...
Format string
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
UBUNTU-CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...
Exploit for Use of Externally-Controlled Format String in Asus Rt-Ac86U_Firmware
CVE-2023-35086-POC July 25 2023, Altin tin-z, github.com/t...
CVE-2023-35087
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cmprocessChangedConfigMsg in ccmprocessREQCHANGEDCONFIG function in AiMesh system. An unauthenticated remote attacker can exploit thi...
CVE-2023-35087
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cmprocessChangedConfigMsg in ccmprocessREQCHANGEDCONFIG function in AiMesh system. An unauthenticated remote attacker can exploit thi...
CVE-2023-35086
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. A remote attacker with administrator privilege can exploit...
CVE-2023-35086
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. A remote attacker with administrator privilege can exploit...
Format string
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. An unauthenticated remote attacker without privilege can...
CVE-2023-35087 ASUS RT-AX56U V2 & RT-AC86U - Format String - 2
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cmprocessChangedConfigMsg in ccmprocessREQCHANGEDCONFIG function in AiMesh system. An unauthenticated remote attacker can exploit thi...
CVE-2023-35087 ASUS RT-AX56U V2 & RT-AC86U - Format String - 2
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cmprocessChangedConfigMsg in ccmprocessREQCHANGEDCONFIG function in AiMesh system. An unauthenticated remote attacker can exploit thi...
CVE-2023-35087
Summary (CVE-2023-35087) A format string vulnerability affects ASUS RT-AX56U V2 (v3.0.0.4.386_50460) and RT-AC86U (v3.0.0.4_386_51529) in the AiMesh subsystem. The issue arises from lack of input validation for a value passed to the function cm_processChangedConfigMsg within ccm_processREQ_CHANGE...
CVE-2023-35086 ASUS RT-AX56U V2 & RT-AC86U - Format String -1
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. A remote attacker with administrator privilege can exploit...
CVE-2023-35086
A format-string vulnerability exists in ASUS RT-AX56U V2 and RT-AC86U within the httpd module’s detwan.cgi, triggered by untrusted input passed to a syslog-enabled path (logmessage_normal). The GitHub PoC describes firmwares ≤ RT-AX56U V2 3.0.0.4.386_50460 and RT-AC86U 3.0.0.4_386_51529 as affect...
CVE-2023-35086 ASUS RT-AX56U V2 & RT-AC86U - Format String -1
It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. A remote attacker with administrator privilege can exploit...
ASUS RT-AX56U 格式化字符串错误漏洞
The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U V2 and RT-AC86U suffer from a Format String Error vulnerability that stems from the presence of a format string vulnerability, which can be exploited by an unauthenticated, remote attacker to perform remote arbitrary code...
ASUS RT-AX56U 格式化字符串错误漏洞
The ASUS RT-AX56U is a wireless router from Asus China. The ASUS RT-AX56U V2 and RT-AC86U suffer from a Format String Error vulnerability that stems from the presence of a format string vulnerability, which can be exploited by an unauthenticated, remote attacker to perform remote arbitrary code...
CVE-2023-33011
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...
CVE-2023-33011
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...
Format string
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN...