Lucene search
+L

258 matches found

cve
cve
added 2022/10/25 4:34 p.m.67 views

CVE-2022-35263

CVE-2022-35263 is a concrete vulnerability in Robustel R1510 web_server hashFirst. Affected firmwares are 3.1.16 and 3.3.0. The issue arises in the WebsHash hashFirst routine, where an invalid index (potentially -1) can be used to access an array, causing a crash and denial of service via the /ac...

7.5CVSS7.3AI score0.0087EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2022/10/25 4:34 p.m.8 views

CVE-2022-35263

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

4.9CVSS5.7AI score0.0087EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2022/10/25 4:34 p.m.6 views

CVE-2022-35262

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

4.9CVSS5.7AI score0.0087EPSS
Exploits1References1
cve
cve
added 2022/10/25 4:34 p.m.66 views

CVE-2022-35262

CVE-2022-35262 affects Robustel R1510 (versions 3.1.16 and 3.3.0). The denial-of-service stems from the web_server hashFirst function within the /action/import_xml_file/ API, where an crafted request can trigger a crash/DoS via unsafe handling of hash tables (GoAhead Webs library). TALOS details ...

7.5CVSS7.3AI score0.0087EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2022/10/25 4:34 p.m.19 views

CVE-2022-35262

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

4.9CVSS7.5AI score0.0087EPSS
Exploits1References1
cvelist
cvelist
added 2022/10/25 4:34 p.m.24 views

CVE-2022-35261

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

4.9CVSS7.5AI score0.01084EPSS
Exploits1References1
cve
cve
added 2022/10/25 4:34 p.m.93 views

CVE-2022-35261

CVE-2022-35261 affects Robustel R1510 web_server hashFirst in versions 3.1.16 and 3.3.0. A specially crafted network request to the web interface can trigger a denial of service via the /action/import_authorized_keys/ API. Talos details show the vulnerability arises from unsafe access to a hash t...

7.5CVSS7.7AI score0.01084EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2022/10/25 4:34 p.m.7 views

CVE-2022-35261

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

4.9CVSS5.7AI score0.01084EPSS
Exploits1References1
cvelist
cvelist
added 2022/10/25 4:34 p.m.41 views

CVE-2022-34850

An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.1CVSS7.4AI score0.0338EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2022/10/25 4:34 p.m.9 views

CVE-2022-34850

An OS command injection vulnerability exists in the webserver /action/importauthorizedkeys/ functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.1CVSS7.2AI score0.0338EPSS
Exploits1References1
cve
cve
added 2022/10/25 4:34 p.m.84 views

CVE-2022-34850

CVE-2022-34850 affects Robustel R1510 web_server /action/import_authorized_keys/ in firmware versions 3.1.16 and 3.3.0. Talos reports an OS command injection vulnerability: the web server copies uploaded SSH key files into /home//.ssh/authorized_keys via a path that is built from user-controlled ...

9.1CVSS7.8AI score0.0338EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2022/10/25 4:33 p.m.41 views

CVE-2022-34845

A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

6.7CVSS4.2AI score0.00348EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2022/10/25 4:33 p.m.8 views

CVE-2022-34845

A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability...

6.7CVSS3.8AI score0.00348EPSS
Exploits1References1
cve
cve
added 2022/10/25 4:33 p.m.93 views

CVE-2022-34845

CVE-2022-34845 affects Robustel R1510 (versions 3.1.16 and 3.3.0). Talos details a sysupgrade/firmware-update vulnerability where a specially crafted network sequence can trigger arbitrary firmware updates via the web/API flow: /action/import_firmware followed by /ajax/system_upgrade_start, which...

6.7CVSS5.3AI score0.00348EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2022/10/25 4:33 p.m.8 views

CVE-2022-33897

A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...

4.9CVSS6.1AI score0.01393EPSS
Exploits1References1
cve
cve
added 2022/10/25 4:33 p.m.51 views

CVE-2022-33897

CVE-2022-33897 describes a directory traversal in Robustel R1510 3.1.16, exposed via the web_server /ajax/remove/ API. The vulnerability arises from how the API constructs the target path from the provided file_name and folder selection, allowing an attacker to trigger an rm -rf operation on arbi...

9.1CVSS9.1AI score0.01393EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2022/10/25 4:33 p.m.20 views

CVE-2022-33897

A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...

4.9CVSS9.4AI score0.01393EPSS
Exploits1References1
cvelist
cvelist
added 2022/10/25 4:33 p.m.39 views

CVE-2022-33150

An OS command injection vulnerability exists in the jspackage install functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.1CVSS9.9AI score0.03359EPSS
Exploits1References1
cve
cve
added 2022/10/25 4:33 p.m.73 views

CVE-2022-33150

CVE-2022-33150 affects Robustel R1510 (3.1.16). Talos details reveal an OS command injection in the web server’s Node.js app import flow: the /action/import_nodejs_app/ sets FILENAME to /tmp/upload/, which is then passed to js_package install via /ajax/system_nodejs_app_upgrade_start/. The js_pac...

9.8CVSS9.6AI score0.03359EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2022/10/25 4:33 p.m.33 views

CVE-2022-32765

An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

9.1CVSS9.9AI score0.03455EPSS
Exploits1References1
Rows per page
Query Builder