34 matches found
Wavlink NU516U1 命令注入漏洞
Wavlink NU516U1 is a wireless print server developed by Wavlink Corporation. The Wavlink NU516U1 M16U1V240425 version has a command injection vulnerability. This vulnerability stems from the direct passing of parameters pppusername/ppppasswd/rwanip/rwanmask/rwangateway through the wan function in...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
EUVD-2026-10039
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker can retrieve internal network parameters, including ECDIS & OT information, device identifiers, and service status logs by issuing HTTP GET re...
Navtor NavBox 安全漏洞
Navtor NavBox is a shipping information system device developed by the Norwegian company Navtor. It is used for electronic nautical chart management and synchronization of navigation data. There is a security vulnerability in Navtor NavBox, which stems from the lack of authentication in the HTTP...
IPFire 跨站脚本漏洞
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of VPN configuration...
CVE-2020-7536
A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs BMXP34 versions prior to V3.30 Modicon M340 Communication Ethernet modules BMXNOE0100 H versions prior to V3.4 BMXNOE0110 H versions prior to V6.6 BMXNOR0200H all versions, that could cause th...
CVE-2025-60343
Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2, cloneType2, mac2, serviceName2, and...
CVE-2025-51643
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...
CVE-2025-51643
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...
CVE-2025-51643
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...
CVE-2025-51643
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip Winbond 25Q64JVSIQ that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of...
CVE-2025-51643
CVE-2025-51643 concerns the Meitrack T366G-L GPS Tracker. The underlying issue is that the SPI flash memory (Winbond 25Q64JVSIQ) is accessible without authentication or tamper protection, enabling a physical attacker to read the firmware with a standard SPI programmer (e.g., flashrom). Reported i...
CVE-2023-25643
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands...
Command injection
There is a command injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands...
ZTE MC801A 命令注入漏洞
The ZTE MC801A is a 5g indoor WiFi router from China's ZTE ZTE. The ZTE MC801A suffers from an input validation vulnerability in the handling of multiple network parameters, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...
Rockwell Automation Controllers Denial Of Service (CVE-2012-6439)
Rockwell Automation EtherNet/IP products allow remote attackers to cause a denial of service control and communication outage via a CIP message that modifies the 1 configuration or 2 network parameters. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...
CVE-2020-7536
A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs BMXP34 versions prior to V3.30 Modicon M340 Communication Ethernet modules BMXNOE0100 H versions prior to V3.4 BMXNOE0110 H versions prior to V6.6 BMXNOR0200H all versions, that could cause th...