Lucene search
K

167 matches found

RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.6 views

CVE-2023-53770

MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to...

8.7CVSS7AI score0.00474EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 9:31 p.m.5 views

EUVD-2023-60177

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

9.9CVSS6.6AI score0.00572EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/27 11:6 p.m.13 views

CVE-2020-36871

ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include...

8.7CVSS6.8AI score0.00587EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/27 12:30 a.m.4 views

EUVD-2020-30822

ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may...

8.7CVSS6.3AI score0.00594EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/11/26 10:13 p.m.4 views

CVE-2020-36873 Astak CM-818T3 Unauthenticated Configuration Disclosure

Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorizatio...

8.7CVSS6.4AI score0.00542EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/26 10:12 p.m.4 views

CVE-2020-36874 ACE SECURITY WIP-90113 Unauthenticated Configuration Disclosure

ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may...

8.7CVSS6.4AI score0.00594EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.4 views

PT-2025-48194

Name of the Vulnerable Software and Affected Versions Astak CM-818T3 2.4GHz wireless security surveillance cameras affected versions not specified Description The cameras have an unauthenticated configuration disclosure issue in the /web/cgi-bin/hi3510/backup.cgi endpoint. This endpoint allows...

8.7CVSS6.7AI score0.00542EPSS
Exploits0References5
NVD
NVD
added 2025/11/14 4:15 a.m.2 views

CVE-2025-13161

IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

8.7CVSS0.00479EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.13 views

PT-2025-46939

Name of the Vulnerable Software and Affected Versions IQ-Support affected versions not specified Description IQ-Support, developed by IQ Service International, has an Arbitrary File Read issue. Unauthenticated remote attackers can exploit Relative Path Traversal to download arbitrary system files...

8.7CVSS6.7AI score0.00479EPSS
Exploits0References8
CNVD
CNVD
added 2025/10/21 12:0 a.m.3 views

D-Link DIR-852 HNAP1 File Command Injection Vulnerability

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...

7.5CVSS7.8AI score0.01673EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

D-Link DIR-852 命令注入漏洞

D-Link DIR-852 is a dual-band Gigabit wireless router from Youxun Technology, focusing on home networking solutions and supporting Xunlei remote download function. The D-Link DIR-852 suffers from a command injection vulnerability that stems from the failure of file /HNAP1/ to properly filter...

7.5CVSS7.8AI score0.01673EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-4785

Malware in sbrugna...

8.2CVSS6.9AI score0.00677EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-18242

Malware in sbrugna...

6.5CVSS6.6AI score0.00894EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-4705

Malware in sbrugna...

9.3CVSS6.1AI score0.04435EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-24550

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00536EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-38945

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00944EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-46398

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-36975

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.03846EPSS
Exploits4References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-36061

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.15906EPSS
Exploits1References1
CVE
CVE
added 2025/09/21 10:2 p.m.23 views

CVE-2025-10767

CosmodiumCS OnlyRAT (versions prior to 3.3, affected up to 3.2 per some citations) contains an OS command injection in the Configuration File Handler’s main.py, specifically in the connect/remote_upload/remote_download function where manipulation of configuration["PASSWORD"] can be exploited. Att...

4.5CVSS4.7AI score0.01161EPSS
Exploits0References5
Rows per page
Query Builder