738 matches found
CVE-2022-26042
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26007
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26007
CVE-2022-26007 corresponds to an InHand InRouter302 OS command injection in the console factory. A privileged user can pass a crafted token to the factory command (via iwpriv) that is concatenated and passed to system(), enabling arbitrary command execution. Talos details show potential chainabil...
CVE-2022-26007
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26002
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...
CVE-2022-25995
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
InHand Networks InRouter302 缓冲区错误漏洞
InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. The InHand Networks InRouter302 version V3.5.4 is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to cause remote code execution via a specially crafted network request...
InHand Networks InRouter302 console infactory hard-coded password vulnerability
Summary A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested...
CVE-2021-40422
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
Memory corruption
A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...
CVE-2021-40422
An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
Remote code execution
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging JAI API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects th...
CVE-2021-39771
In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...
Swift Sensors Gateway device password generation authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Version...
Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6086)
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen- Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...
Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6085)
An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen- Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...
Rockwell Automation 1794-AENT Flex I/O Series B Buffer Copy Without Checking Size of Input (CVE-2020-6087)
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen- Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...
CVE-2022-21801
A denial of service vulnerability exists in the netserver recvcommand functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2022-21801
A denial of service vulnerability exists in the netserver recvcommand functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2022-21217
An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...