Lucene search
K

51 matches found

Tenable Nessus
Tenable Nessus
added 2023/09/21 12:0 a.m.24 views

Siemens LOGO! CMR and SIMATIC RTU 3000 Use of Insufficiently Random Values (CVE-2021-37186)

A vulnerability has been identified in LOGO! CMR2020 All versions V2.2, LOGO! CMR2040 All versions V2.2, SIMATIC RTU3010C All versions V4.0.9, SIMATIC RTU3030C All versions V4.0.9, SIMATIC RTU3031C All versions V4.0.9, SIMATIC RTU3041C All versions V4.0.9. The underlying TCP/IP stack does not...

5.4CVSS6.2AI score0.00356EPSS
Exploits0References3
Veracode
Veracode
added 2022/09/19 8:25 a.m.24 views

Spoofing Attack

lemonldap is vulnerable to spoofing attack. The vulnerability exists in the underlying tcp/ip stack where an attacker with network access to the LAN interface of an affected device could hijack and ingoing connection or spoof a new one...

5.9CVSS6AI score0.00725EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/04/11 1:15 p.m.33 views

CVE-2022-26413

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30ABFX.5C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface...

8CVSS0.00686EPSS
Exploits0References1
Prion
Prion
added 2022/04/11 1:15 p.m.25 views

Command injection

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30ABFX.5C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface...

7.7CVSS8AI score0.00686EPSS
Exploits0References1Affected Software32
CVE
CVE
added 2022/04/11 12:0 p.m.416 views

CVE-2022-26413

The CVE-2022-26413 issue affects Zyxel VMG3312-T20A devices, where a command injection in the CGI program (firmware 5.30(ABFX.5)C0) could allow a local authenticated attacker to run arbitrary OS commands via the LAN interface. Red Hat's advisory confirms the same vulnerability, reinforcing that a...

8CVSS7.9AI score0.00686EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/11 12:0 p.m.36 views

CVE-2022-26413

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30ABFX.5C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface...

8CVSS8.2AI score0.00686EPSS
Exploits0References1
NVD
NVD
added 2022/02/24 3:15 p.m.23 views

CVE-2021-4029

A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface...

8.8CVSS0.00755EPSS
Exploits0References1
OSV
OSV
added 2022/02/24 3:15 p.m.2 views

CVE-2021-4029

A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface...

8.8CVSS7.5AI score0.00755EPSS
Exploits0References1
Prion
Prion
added 2022/02/24 3:15 p.m.15 views

Command injection

A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface...

8.3CVSS9AI score0.00755EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/02/22 2:25 p.m.86 views

CVE-2021-4029

CVE-2021-4029 concerns Zyxel ARMOR Z1/Z2 firmware where the CGI program is vulnerable to command injection over the LAN interface. The available documents identify the affected component as the CGI entry point within the Zyxel firmware and state that an attacker could execute arbitrary OS command...

8.8CVSS8.9AI score0.00755EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/22 2:25 p.m.26 views

CVE-2021-4029

A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface...

8.8CVSS9.2AI score0.00755EPSS
Exploits0References1
Prion
Prion
added 2021/09/14 11:15 a.m.20 views

Information disclosure

A vulnerability has been identified in LOGO! CMR2020 All versions V2.2, LOGO! CMR2040 All versions V2.2, SIMATIC RTU3010C All versions V4.0.9, SIMATIC RTU3030C All versions V4.0.9, SIMATIC RTU3031C All versions V4.0.9, SIMATIC RTU3041C All versions V4.0.9. The underlying TCP/IP stack does not...

4.8CVSS5.3AI score0.00356EPSS
Exploits0References1Affected Software6
ICS
ICS
added 2021/09/14 12:0 a.m.78 views

Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Siemens Equipment: LOGO! CMR, SIMATIC RTU 3000 Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-257-13 Siemens LOGO! CMR...

5.4CVSS5.8AI score0.00356EPSS
Exploits0References11
0day.today
0day.today
added 2019/03/27 12:0 a.m.93 views

DASAN H660RM Information Disclosure / Hardcoded Key Vulnerability

DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp. DASAN H660RM Information Disclosure / Hardcoded Key CVE-2019-9974: diagtool.cgi on DASAN H660RM devices with firmware 1.03-0022 allows spawning ping processes without...

9.1CVSS8.1AI score0.02924EPSS
Exploits4
NVD
NVD
added 2017/06/26 7:29 a.m.27 views

CVE-2017-9466

The executable httpd on the TP-Link WR841N V8 router before TL-WR841NUNV8170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuratio...

9.8CVSS9.5AI score0.00488EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2016/11/23 12:0 a.m.70 views

TP-LINK TDDP Buffer Overflow / Missing Authentication

Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode: User...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2016/11/21 12:0 a.m.90 views

D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send without null bytes ARM: - inline rev/bind shell works...

10CVSS7.4AI score0.79947EPSS
Exploits6
Packet Storm
Packet Storm
added 2016/11/21 12:0 a.m.147 views

Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send without null bytes ARM: - inline rev/bind shell works...

0.8AI score0.79947EPSS
Exploits6
Metasploit
Metasploit
added 2016/11/07 5:45 p.m.39 views

Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow

Several Dlink routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This...

9.8CVSS9.7AI score0.79947EPSS
Exploits6
NVD
NVD
added 2016/09/21 2:25 p.m.15 views

CVE-2016-6159

The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface...

7.5CVSS7.8AI score0.0107EPSS
Exploits0References1
Rows per page
Query Builder