82 matches found
Milesight UR32L 缓冲区错误漏洞
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L setopenvpnclient function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to cras...
PT-2023-5081 · Milesight · Milesight Ur32L
Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by a buffer overflow vulnerability in the set openvpn client function of the Milesight UR32L router's firmware. This vulnerability can be exploited by a remote attacker to...
CVE-2022-44843
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function...
TOTOLINK A7100RU 操作系统命令注入漏洞
The TOTOLINK A7100RU is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK A7100RU version V7.4cu.2313B20191024, which stems from the discovery of a command injection vulnerability via the port number of the...
CVE-2021-27406
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...
CVE-2021-27406
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...
CVE-2021-27406 PerFact OpenVPN-Client
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...
CVE-2021-27406 PerFact OpenVPN-Client
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...
kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks...
PT-2021-6006 · Perfact · Openvpn-Client
Name of the Vulnerable Software and Affected Versions: PerFact OpenVPN-Client versions 1.4.1.0 and prior Description: The issue allows an attacker to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instan...
PerFact OpenVPN-Client
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PerFact Equipment: OpenVPN-Client Vulnerability: External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for local privilege...
Synology DiskStation Manager Trust Management Issue Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A security vulnerability exists in Synology DiskStation Manager DSM versions...
CVE-2020-27648
Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager DSM before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Input validation
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager SRM before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
PT-2020-16746 · Openvpn +1 · Openvpn +1
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-2 Description: The issue is related to improper certificate validation in the OpenVPN client, allowing man-in-the-middle attackers to spoof servers and obtain sensitive informatio...
Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. To create a VPN endpoint is done with a single command takes 3 minutes. It will create the proper security groups. It spins up a tagged ec2 instance and configures OpenVPN software. Once instance is configured an OpenVPN...
Aviatrix Systems OpenVPN client input validation error vulnerability
Aviatrix Systems OpenVPN client is a VPN Virtual Private Network client program from Aviatrix Systems, USA. An input validation error vulnerability exists in Aviatrix Systems OpenVPN client Linux, macOS, and Windows versions 2.5.7 and earlier. An attacker can exploit this vulnerability by changin...
CVE-2020-7224
The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load...
CVE-2018-11479
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...