Lucene search
K

24 matches found

CVE
CVE
added yesterday9 views

CVE-2026-38057

The CVE-2026-38057 entry affects the iDirect iQ200 series. The issue is CSRF on state-changing API endpoints, specifically the /api/reboot POST endpoint, which accepts requests authenticated only by a session cookie that lacks the SameSite attribute. A remote attacker can lure an authenticated ad...

8.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday11 views

CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.12 views

PT-2026-37213

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely in the HTTP Handler component. The issue exists within the sprintf function of the '/auto reboot.asp' endpoint, where manipulation of the enable/time...

10CVSS7.4AI score0.01515EPSS
Exploits1References16
RedhatCVE
RedhatCVE
added 2026/02/24 1:34 a.m.10 views

CVE-2026-2962

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...

9CVSS8.6AI score0.03384EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/23 12:32 a.m.7 views

CVE-2026-2962

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...

9CVSS8.4AI score0.03384EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/23 12:32 a.m.6 views

CVE-2026-2962 D-Link DWR-M960 Scheduled Reboot Configuration Endpoint formDateReboot sub_460F30 stack-based overflow

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...

9CVSS8.6AI score0.03384EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.9 views

D-Link DWR-M960 安全漏洞

The D-Link DWR-M960 is a router produced by D-Link Corporation. Version 1.01.07 of the D-Link DWR-M960 contains a security vulnerability. This vulnerability stems from incorrect handling of a parameter called submit-url in the function sub460F30 of the Scheduled Reboot Configuration Endpoint, whi...

9CVSS7.7AI score0.03384EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/02/12 8:38 a.m.197 views

Exploit for CVE-2026-26235

👤 Author Mohammed Idrees Banyamer - 📍 Country: Jorda...

8.7CVSS6AI score0.01784EPSS
Exploits5
EUVD
EUVD
added 2026/02/05 4:13 p.m.7 views

EUVD-2020-31042

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...

8.7CVSS5.4AI score0.00709EPSS
Exploits1References3
CVE
CVE
added 2026/02/05 4:13 p.m.11 views

CVE-2020-37150

Affected software: Edimax EW-7438RPn-v3 Mini, version 1.27. The vulnerability allows unauthenticated attackers to access the /wizard_reboot.asp endpoint in unsetup mode, disclosing the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by issuing a GET request to this endpo...

8.7CVSS5.4AI score0.00709EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6590

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27 Description The Edimax EW-7438RPn-v3 Mini version 1.27 allows unauthenticated attackers to access the /wizard reboot.asp API endpoint in unsetup mode. This access discloses the Wi-Fi SSID and security key...

8.7CVSS5.4AI score0.00709EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.10 views

CVE-2025-59403

The Flock Safety Android Collins application aka com.flocksafety.android.collins 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include b...

6.5CVSS7.7AI score0.01004EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/02 12:0 a.m.15 views

CVE-2025-59403

The Flock Safety Android Collins application aka com.flocksafety.android.collins 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include b...

0.01004EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/25 2:54 a.m.11 views

CVE-2025-56311

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...

6.6AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2025/09/23 9:15 p.m.5 views

CVE-2025-56311

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...

6.5CVSS0.0013EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.5 views

PT-2025-39211

Name of the Vulnerable Software and Affected Versions Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware version 2.2.14 Description The web management interface contains an authenticated Cross-Site Request Forgery CSRF issue on the reboot endpoint /boaform/admin/formReboot. An attacker can...

6.5AI score0.0013EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/09/23 12:0 a.m.4 views

CVE-2025-56311

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...

6.2AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/23 12:0 a.m.6 views

C-Data FD602GW-DX-R410 安全漏洞

The C-Data FD602GW-DX-R410 is a wireless router from China Sidet C-Data. A security vulnerability exists in the C-Data FD602GW-DX-R410 version 2.2.14, which stems from a lack of CSRF protection in the /boaform/admin/formReboot endpoint in the web management interface, which could lead to a denial...

6.5CVSS6.5AI score0.0013EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-21118 · Wyrestorm · Wyrestorm Apollo Vx20

Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue allows remote attackers to restart the device via a "/device/reboot" GET request. Recommendations: For versions prior to 1.3.58, update to version 1.3.58 or later to resolve...

7.5CVSS7AI score0.04343EPSS
Exploits4References7
OSV
OSV
added 2022/04/06 1:15 a.m.3 views

CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body...

7.5CVSS6.2AI score0.02038EPSS
Exploits2References3
Rows per page
Query Builder