13 matches found
CVE-2025-31702
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...
EUVD-2025-34517
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...
PT-2025-42234
Name of the Vulnerable Software and Affected Versions Dahua embedded products affected versions not specified Description A security issue exists in Dahua embedded products. An attacker gaining normal user credentials can potentially access data restricted to administrator privileges, including...
Dahua IPC和Dahua SD 安全漏洞
Dahua IPC and Dahua SD are both products of Dahua, a Chinese company.Dahua IPC is a series of industrial controllers from Dahua.Dahua SD is a series of PTZ dome cameras. A security vulnerability exists in the Dahua IPC and Dahua SD. The vulnerability originates from a third-party malicious attack...
Fortinet FortiSwitch Authorization Issues Vulnerability
Fortinet FortiSwitch is a network switch management tool from Fiat Fortinet. Fortinet FortiSwitch suffers from an authorization issue vulnerability that originates from an unauthenticated password change, which can be exploited by an attacker to cause the administrator password to be tampered wit...
Fortinet FortiSwitch 安全漏洞
Fortinet FortiSwitch is a network switch management tool from Fiat Fortinet. Fortinet FortiSwitch suffers from an authorization issue vulnerability that originates from an unauthenticated password change, which can be exploited by an attacker to cause the administrator password to be tampered wit...
cri-o: /etc/passwd tampering privesc
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable...
CVE-2021-31659
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery CSRF. All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the passwo...
CVE-2020-6870
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network...
CVE-2020-6870
The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network...
Unauthorized Access Vulnerability in Schneider Electric Modicon M340 PLCs
Schneider Electric Modicon M340 is a medium-sized PLC from Schneider Electric, which has a wide range of applications in the industrial control field in China. An unauthorized access vulnerability exists in the Schneider Electric Modicon M340 PLC. The vulnerability can be exploited to obtain...
Clickjacking Vulnerability in Schneider Electric Modicon M340 PLCs
Schneider Electric Modicon M340 is a medium-sized PLC from Schneider Electric, which has a wide range of applications in the industrial control field in China. A clickjacking vulnerability exists in the Schneider Electric Modicon M340 PLC. An attacker could tamper with a user's password by...
Logic Design Flaw Vulnerability in DBSHOP_0.9.3_Beta
DBShop is an open source e-commerce online store system developed using endFramework. DBSHOP0.9.3Beta /module/Mobile/src/Mobile/Controller/HomeController.php there is a logical design flaw vulnerability . As the parameters of the post are passed to $passArray to determine whether the original...