Lucene search
+L

261 matches found

redhatcve
redhatcve
added 2025/05/22 10:41 p.m.7 views

CVE-2022-28573

D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the systemtimetimezone parameter...

10CVSS8.7AI score0.27462EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 5:36 p.m.8 views

CVE-2020-9020

Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...

10CVSS7.6AI score0.02535EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 5:10 p.m.12 views

CVE-2020-35262

Cross Site Scripting XSS vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter...

6.1CVSS6AI score0.00856EPSS
Exploits2
redhatcve
redhatcve
added 2025/05/22 3:22 p.m.9 views

CVE-2020-25498

Cross Site Scripting XSS vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter...

4.8CVSS6AI score0.01061EPSS
Exploits2
saint
saint
added 2025/03/21 12:0 a.m.164 views

Edimax IP Camera NTP_serverName command injection

Added: 03/21/2025 CVE: CVE-2025-1316 Background Edimax IP Cameras are a product line of security cameras which send video footage over an IP network. Problem A command injection vulnerability in the NTPserverName POST parameter of an update request allows remote attackers to execute arbitrary...

9.8CVSS8.8AI score0.7227EPSS
Exploits2
redhatcve
redhatcve
added 2025/02/26 5:20 p.m.8 views

CVE-2025-22495

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note -...

8.4CVSS8.3AI score0.00396EPSS
Exploits0References4
nvd
nvd
added 2025/02/24 5:15 p.m.13 views

CVE-2025-22495

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note -...

8.4CVSS0.00396EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/02/24 4:27 p.m.6 views

CVE-2025-22495

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note -...

8.4CVSS6.8AI score0.00396EPSS
Exploits0References2
cvelist
cvelist
added 2025/02/24 4:27 p.m.15 views

CVE-2025-22495

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note -...

8.4CVSS0.00396EPSS
Exploits0References2
cve
cve
added 2025/02/24 4:27 p.m.63 views

CVE-2025-22495

The CVE-2025-22495 affects the Eaton Network-M2 card, where an improper input validation in the NTP server configuration field can allow an authenticated high-privilege user to execute arbitrary commands. The issue has been fixed in version 3.0.4. Network-M2 is end-of-life; Network-M3 is the reco...

8.4CVSS7.2AI score0.00396EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/02/13 5:43 p.m.11 views

CVE-2023-2573

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...

8.8CVSS7.1AI score0.04751EPSS
Exploits3References1
osv
osv
added 2025/01/27 3:15 p.m.3 views

CVE-2024-57590

TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntpsync.cgi",which allows remote attackers to execute arbitrary commands via parameter "ntpserver" passed to the "ntpsync.cgi" binary through a POST request...

9.8CVSS6.1AI score0.01093EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/01/27 12:0 a.m.6 views

PT-2025-3479 · Trendnet · Trendnet Tew-632Brp

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-632BRP version 1.010B31 Description: The issue is related to an OS command injection vulnerability in the CGl interface "ntp sync.cgi". This vulnerability allows remote attackers to execute arbitrary commands via the ntp server...

9.8CVSS8.8AI score0.01093EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/11/07 12:0 a.m.5 views

PT-2024-10857 · Circontrol · Circontrol Raption

Name of the Vulnerable Software and Affected Versions: Circontrol Raption versions through 5.6.2 Description: The pwrstudio web application of EV Charger is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip. This issue affects...

9.8CVSS7.8AI score0.01756EPSS
Exploits1References11
packetstorm
packetstorm
added 2024/09/01 12:0 a.m.285 views

NTP Mode 7 GET_RESTRICT DRDoS Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 7 GETRESTRICT DRDoS Scanner', 'Description' = %q This module identifies NTP servers which permit "reslist" queries and obtains the list ...

5CVSS6.7AI score0.97755EPSS
Exploits23
packetstorm
packetstorm
added 2024/08/31 12:0 a.m.179 views

NTP Mode 6 REQ_NONCE DRDoS Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 6 REQNONCE DRDoS Scanner', 'Description' = %q This module identifies NTP servers which permit mode 6 REQNONCE requests that can be used ...

5CVSS6.7AI score0.97755EPSS
Exploits23
cve
cve
added 2024/05/07 10:55 p.m.71 views

CVE-2023-35757

The CVE affects D-Link DAP-2622 routers, specifically the DDP Set Date Time NTP server. The root cause is a lack of proper validation of the length of user-supplied data before copying it to a fixed-length stack buffer in the DDP service, enabling a stack-based buffer overflow. This can allow net...

8.8CVSS9.1AI score0.00605EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/05/07 10:55 p.m.17 views

CVE-2023-35757 D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00605EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/05/07 12:0 a.m.6 views

Faraday GM8181和Faraday GM828x 操作系统命令注入漏洞

The Faraday GM8181 and Faraday GM828x are both hardware devices from China-based Smartwon Technology Faraday. An operating system command injection vulnerability exists in the Faraday GM8181 and GM828x version 20240429 and earlier versions, which stems from the fact that incorrect manipulation of...

7.5CVSS7.7AI score0.01442EPSS
Exploits0References6
cve
cve
added 2024/05/03 1:57 a.m.93 views

CVE-2023-34275

CVE-2023-34275 describes a remote code execution on the D-Link DIR-2150 router due to a flaw in the SOAP API interface that handles SetNTPServerSettings. The vulnerability stems from improper validation of a user-supplied string before it is used to perform a system call, allowing an attacker to ...

8CVSS7.3AI score0.0176EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder