34 matches found
Format string
ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity...
CVE-2022-46782
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine...
PT-2023-15584 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was discovered via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. This allows for potential exploitation. Recommendations: For...
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOlink A7100RU V7.4cu.2313B20191024 version, which stems from a command injection issue contained in the password parameter of the...
Robustel R1510 web_server ajax endpoints OS command injection vulnerabilities
Summary Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router from TOTOLINK China. A security vulnerability exists in the TOTOLINK A7100RU v7.4cu.2313b20191024 firmware version, which originates from a command injection attack on the setOpenVpnCfg interface. An attacker can exploit this vulnerability to execute...
CVE-2022-27269
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component configovpn. This vulnerability is triggered via a crafted packet...
The vulnerability of software for creating a private VPN client, related to errors in system settings or configuration, allows a hacker to execute arbitrary code or enhance their privileges.
The vulnerability of software for creating a private OpenVPN-client virtual network is related to errors in system settings or configuration. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain increased privileges...
CVE-2021-20145
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...
Vulnerabilities fixed in OpenVPN
Vulnerabilities have been fixed in the Windows versions of OpenVPN and OpenVPN Connect. A local malicious party could potentially exploit them to execute arbitrary code under the rights of the OpenVPN process. To do this, the malicious party must modify the OpenVPN configuration file such that th...
Ntop nDPI Buffer Overflow Vulnerability (CNVD-2020-36700)
Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. A buffer overflow vulnerability exists in the ndpisearchopenvpn file in lib/protocols/openvpn.c in Ntop nDPI 3.2 and earlier versions. The vulnerability stems from a network system or product performing operations in...
The vulnerability of OpenVPN software is related to issues with encryption using a 64-bit block. This allows a hacker to restore the original message.
The vulnerability of the OpenVPN software is related to issues with encryption when using a 64-bit block cipher. Exploiting this vulnerability allows a malicious actor to restore the original message through a “Sweet32” attack...
The vulnerability of the command-line tool astra-openvpn-server for configuring OpenVPN servers on the Astra Linux operating system stems from a configuration parameter interpretation error in the client software. This flaw allows an attacker to cause a service failure.
The vulnerability of the command-line tool astra-openvpn-server for configuring OpenVPN servers on the Astra Linux operating system is related to an interpretation error in the configuration parameters set for clients. Exploiting this vulnerability allows a malicious actor to cause service failur...
DEBIAN-CVE-2017-7478
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...