Lucene search
K

34 matches found

Prion
Prion
added 2023/09/18 3:15 a.m.13 views

Format string

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity...

6.5CVSS8.5AI score0.00645EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/05 2:15 a.m.4 views

CVE-2022-46782

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine...

7.8CVSS7.3AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/20 12:0 a.m.4 views

PT-2023-15584 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was discovered via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. This allows for potential exploitation. Recommendations: For...

9.8CVSS9.4AI score0.01958EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.6 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOlink A7100RU V7.4cu.2313B20191024 version, which stems from a command injection issue contained in the password parameter of the...

9.8CVSS8.4AI score0.01958EPSS
Exploits1References2
Talos
Talos
added 2022/06/30 12:0 a.m.59 views

Robustel R1510 web_server ajax endpoints OS command injection vulnerabilities

Summary Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...

9.8CVSS10AI score0.04251EPSS
Exploits5
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.4 views

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router from TOTOLINK China. A security vulnerability exists in the TOTOLINK A7100RU v7.4cu.2313b20191024 firmware version, which originates from a command injection attack on the setOpenVpnCfg interface. An attacker can exploit this vulnerability to execute...

10CVSS8.8AI score0.02945EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/10 9:15 p.m.3 views

CVE-2022-27269

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component configovpn. This vulnerability is triggered via a crafted packet...

9.8CVSS6.5AI score0.03592EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/02/01 12:0 a.m.6 views

The vulnerability of software for creating a private VPN client, related to errors in system settings or configuration, allows a hacker to execute arbitrary code or enhance their privileges.

The vulnerability of software for creating a private OpenVPN-client virtual network is related to errors in system settings or configuration. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain increased privileges...

9CVSS8AI score0.00921EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/09 4:15 p.m.5 views

CVE-2021-20145

Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...

7.5CVSS5.8AI score0.01242EPSS
Exploits1References1
NCSC
NCSC
added 2021/07/05 12:0 a.m.6 views

Vulnerabilities fixed in OpenVPN

Vulnerabilities have been fixed in the Windows versions of OpenVPN and OpenVPN Connect. A local malicious party could potentially exploit them to execute arbitrary code under the rights of the OpenVPN process. To do this, the malicious party must modify the OpenVPN configuration file such that th...

7.8CVSS7.6AI score0.00568EPSS
Exploits0
CNVD
CNVD
added 2020/07/02 12:0 a.m.2 views

Ntop nDPI Buffer Overflow Vulnerability (CNVD-2020-36700)

Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A buffer overflow vulnerability exists in the ndpisearchopenvpn file in lib/protocols/openvpn.c in Ntop nDPI 3.2 and earlier versions. The vulnerability stems from a network system or product performing operations in...

9.1CVSS7.3AI score0.01288EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.7 views

The vulnerability of OpenVPN software is related to issues with encryption using a 64-bit block. This allows a hacker to restore the original message.

The vulnerability of the OpenVPN software is related to issues with encryption when using a 64-bit block cipher. Exploiting this vulnerability allows a malicious actor to restore the original message through a “Sweet32” attack...

7.1CVSS6.5AI score0.0594EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/03/12 12:0 a.m.6 views

The vulnerability of the command-line tool astra-openvpn-server for configuring OpenVPN servers on the Astra Linux operating system stems from a configuration parameter interpretation error in the client software. This flaw allows an attacker to cause a service failure.

The vulnerability of the command-line tool astra-openvpn-server for configuring OpenVPN servers on the Astra Linux operating system is related to an interpretation error in the configuration parameters set for clients. Exploiting this vulnerability allows a malicious actor to cause service failur...

3.1CVSS5.5AI score
Exploits0References1
OSV
OSV
added 2017/05/15 6:29 p.m.3 views

DEBIAN-CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

7.5CVSS7.4AI score0.13892EPSS
Exploits2References1
Rows per page
Query Builder