746 matches found
PT-2024-1409 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.15C0 Zyxel NAS542 versions through V5.21ABAG.12C0 Description: The issue is related to a post-authentication command injection vulnerability. It could allow an authenticated attacker with administrator...
GL.iNet Unauthenticated Remote Command Execution Exploit
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This Metasploit exploit requires post-authentication using the...
CVE-2024-0405
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...
CVE-2023-48860
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...
CVE-2023-48860
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...
CVE-2023-48860
TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code...
CVE-2023-48859
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...
CVE-2023-48859
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...
CVE-2023-48859
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...
Code injection
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...
CVE-2023-48859
TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...
PT-2023-30987 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 2.0.0-B20190902.1958 Description: The issue is related to a post-authentication remote code execution RCE due to incorrect access control. This allows attackers to bypass front-end security restrictions and execute...
FortiWeb VM 7.4.0 build577 CLI Crash
;; ;; FortiWeb VM v7.4.0 build577 Post-auth CLI Crash ;; ;; ... ;; ;; code610 / some debug notes fyi ;; ;; 17.11.2023 @ 23:33 ;; FortiWeb diagnose debug crashlog show 2023-11-16 05:07:00 application cli 2023-11-16 05:07:00 signal Segmentation fault received 2023-11-16 05:07:00 RIP 00007fdd1febf44...
CVE-2023-37928
A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system OS commands by sending a crafted URL to a vulnerable devic...
PT-2023-8711 · Zyxel · Wax300H +6
Name of the Vulnerable Software and Affected Versions: ZyXEL USG FLEX versions 4.50 through 5.37 Patch 1 ZyXEL USG FLEX 50W/USG20W-VPN versions 4.16 through 5.37 Patch 1 ZyXEL USG FLEX H versions 1.10 through 1.10 Patch 1 ZyXEL ATP series firmware versions 4.32 through 5.37 Patch 1 NWA50AX firmwa...
CVE-2023-41715
SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel...
CVE-2023-41711
SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash...
CVE-2023-39280
SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash...
CVE-2023-39276
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash...
CVE-2023-39276
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash...