258 matches found
CVE-2022-35263
CVE-2022-35263 is a concrete vulnerability in Robustel R1510 web_server hashFirst. Affected firmwares are 3.1.16 and 3.3.0. The issue arises in the WebsHash hashFirst routine, where an invalid index (potentially -1) can be used to access an array, causing a crash and denial of service via the /ac...
CVE-2022-35263
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...
CVE-2022-35262
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...
CVE-2022-35262
CVE-2022-35262 affects Robustel R1510 (versions 3.1.16 and 3.3.0). The denial-of-service stems from the web_server hashFirst function within the /action/import_xml_file/ API, where an crafted request can trigger a crash/DoS via unsafe handling of hash tables (GoAhead Webs library). TALOS details ...
CVE-2022-35262
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...
CVE-2022-35261
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...
CVE-2022-35261
CVE-2022-35261 affects Robustel R1510 web_server hashFirst in versions 3.1.16 and 3.3.0. A specially crafted network request to the web interface can trigger a denial of service via the /action/import_authorized_keys/ API. Talos details show the vulnerability arises from unsafe access to a hash t...
CVE-2022-35261
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...
CVE-2022-34850
An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-34850
An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-34850
CVE-2022-34850 affects Robustel R1510 web_server /action/import_authorized_keys/ in firmware versions 3.1.16 and 3.3.0. Talos reports an OS command injection vulnerability: the web server copies uploaded SSH key files into /home//.ssh/authorized_keys via a path that is built from user-controlled ...
CVE-2022-34845
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-34845
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-34845
CVE-2022-34845 affects Robustel R1510 (versions 3.1.16 and 3.3.0). Talos details a sysupgrade/firmware-update vulnerability where a specially crafted network sequence can trigger arbitrary firmware updates via the web/API flow: /action/import_firmware followed by /ajax/system_upgrade_start, which...
CVE-2022-33897
A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-33897
CVE-2022-33897 describes a directory traversal in Robustel R1510 3.1.16, exposed via the web_server /ajax/remove/ API. The vulnerability arises from how the API constructs the target path from the provided file_name and folder selection, allowing an attacker to trigger an rm -rf operation on arbi...
CVE-2022-33897
A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-33150
An OS command injection vulnerability exists in the jspackage install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-33150
CVE-2022-33150 affects Robustel R1510 (3.1.16). Talos details reveal an OS command injection in the web server’s Node.js app import flow: the /action/import_nodejs_app/ sets FILENAME to /tmp/upload/, which is then passed to js_package install via /ajax/system_nodejs_app_upgrade_start/. The js_pac...
CVE-2022-32765
An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...