92 matches found
PT-2022-17985 · Unknown · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS Server versions 2.2.0 through 2.7.3; NATS Streaming Server versions 0.15.0 through 0.24.2. Description: The issue allows for Directory Traversal with write access via an element in a ZIP archive for JetStream streams, enabling arbitrary fi...
Nats-Server Path Traversal Vulnerability
Nats-Server is a high performance server for Nats.io, cloud and edge native messaging systems. A security vulnerability exists in the JetStream component of Nats-Server versions prior to 2.7.4, which stems from not properly cleaning up the elements of archive files. Users of NATS may cause the NAT...
CVE-2020-10974
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3,...
CVE-2020-10971
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...
Command injection
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...
Information disclosure
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3,...
CVE-2020-10971
The CVE-2020-10971 issue affects Wavlink Jetstream devices (examples include WN530HG4, WN575A3, WN579G3, WN531G3, WN533A8, WN531A6, WN551K1, WN535G3, WN530H4, WN57X93, WN572HG3, WN578A2, WN579X3, and Jetstream AC3000/ERAC3000). Root cause: a crafted POST to adm.cgi can execute the supplied comman...
CVE-2020-10974
The CVE-2020-10974 entry describes an information-disclosure flaw in a device backup feature: a crafted POST request can return the current device configuration in cleartext, including the administrator password, without any authentication. Affected devices include WAVLINK WN575A3, WN579G3, WN531...
CVE-2020-12266
CVE-2020-12266 concerns multiple externally accessible pages (live_*.shtml) on Wavlink/WN-series devices that can be accessed without authentication, exposing extensive device information (IP/MAC, firmware, location, processes, interfaces, DHCP leases, wireless networks in range, memory, configur...