744 matches found
CVE-2023-40802
The getparentControllistInfo function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45cn...
CVE-2023-40798
In Tenda AC23 v16.03.07.45cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability...
CVE-2023-40797
In Tenda AC23 v16.03.07.45cn, the sub4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability...
CVE-2023-40800
The compareparentcontroltime function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45cn...
CVE-2023-40802
The CVE-2023-40802 entry affects the Tenda AC23 router (v16.03.07.45_cn). The root cause is that the function get_parentControl_list_Info does not validate user-supplied parameters, leading to a post-authentication heap overflow vulnerability. Documented impact indicates a high availability impac...
PT-2023-27644 · Tenda · Tenda Ac23
Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn. Description: The compare parentcontrol time function does not authenticate user input parameters, resulting in a post-authentication stack overflow issue. This allows for potential exploitation after a user h...
GHSA-44WR-RMWQ-3PHW Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Summary: Bypassing the validatePath function can lead to potential Remote Code Execution (Post-authentication, ALLOWADMINCHANGES=true). Details: In bootstrap.php, the SystemPaths path is set as below. // Set the vendor path. By default assume that it's 4 levels up from here $vendorPath =...
CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...
Command injection
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01ABIR.1C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request...
CVE-2023-33013
CVE-2023-33013 affects Zyxel NBG6604 firmware V1.01(ABIR.1)C0, where a post-authentication command injection in the NTP feature could let an authenticated attacker remotely execute OS commands by sending a crafted HTTP request. Root cause described as insufficient input handling/filtering in the ...
Multiple Codesys Products Input Validation Error Vulnerability
3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. An input validation error vulnerability exists in multiple Codesys products. The vulnerability stems from the fact that after successful authentication of a user's identity, a specifi...
PT-2023-8182 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 version V5.21AAZF.14C0; Zyxel NAS542 version V5.21ABAG.11C0. Description: A post-authentication command injection issue in the WSGI server of the Zyxel NAS326 and NAS542 firmware could allow an authenticated attacker to execute som...
CVE-2023-22816
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
CVE-2023-22815
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...
Command injection
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300...
CVE-2023-22815
The CVE-2023-22815 issue affects Western Digital My Cloud OS 5 devices prior to 5.26.300. It enables post-authentication remote code execution as root via vulnerable CGI files over the network, requiring existing admin/root privileges (authentication bypass needed) and risking high impact to inte...