CVE-2023-50210

D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this...

CVE-2023-44447

TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. Th...

CVE-2023-50224 TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability...

PT-2024-12290 · Asus · Asus Rt-Ac51U

Name of the Vulnerable Software and Affected Versions: ASUS RT-AC51U firmware versions up to and including 3.0.0.4.380.8591 Description: The issue allows local attackers to cause a denial of service via crafted GET request to the httpd service. Recommendations: For firmware versions up to and...

PT-2024-21362 · Asus · Asus Ac68U

Name of the Vulnerable Software and Affected Versions: ASUS AC68U version 3.0.0.4.384.82230 Description: A Null pointer dereference in usr/sbin/httpd allows remote attackers to trigger a denial of service DoS via a network packet. This issue can be exploited to cause a disruption in service...

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default...

TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default...

CVE-2022-46080

Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET...

Authentication flaw

Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET...

CVE-2022-46080

Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET...

CVE-2022-46080

Affected product: Nexxt Nebula 1200-AC, firmware 15.03.06.60. vulnerability CVE-2022-46080 enables authentication bypass and remote command execution by abusing the HTTPD service to enable Telnet. This allows an unauthenticated attacker to turn on Telnet and run commands on the device. The issue ...

PT-2023-6250 · Yifan · Yifan Yf325

Name of the Vulnerable Software and Affected Versions: Yifan YF325 version 1.0 20221108 Description: The issue is related to two heap-based buffer overflow vulnerabilities in the httpd manage post functionality. A specially crafted network request can lead to a heap buffer overflow, allowing an...

CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect...

Authentication flaw

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6211111 3.20.1US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect...

CVE-2022-43636

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6211111 3.20.1US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2022-43635

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6211111 3.20.1US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP por...

CVE-2022-27642

Summary (CVE-2022-27642) : Affects NETGEAR R6700v3 router with firmware 1.0.4.120_10.0.91. The vulnerability is in the httpd service and stems from incorrect string matching logic when accessing protected pages, allowing network-adjacent attackers to bypass authentication. In combination with oth...

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...