746 matches found
The vulnerability of the executeWmicCmd method on the software platform of the integrated networking management device D-Link D-View allows a hacker to execute arbitrary code in the root context.
The vulnerability of the executeWmicCmd method in the D-Link D-View software platform exists because measures to neutralize the special elements used in the operating system command have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root...
Hewlett Packard Enterprise OneView Apache Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST service, which listens on TCP port 443 by...
The vulnerability of the queryDeviceCustomMonitorResult method in the software platform of the D-Link D-View integrated network management system allows a hacker to execute arbitrary code in the root context.
The vulnerability of the queryDeviceCustomMonitorResult method in the D-Link D-View integrated network management software is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the root user...
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
(Pwn2Own) NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issu...
The vulnerability of the executable file cmxddns in the microprogramming software of TP-Link Omada er605 allows a hacker to execute arbitrary code in the root context.
The vulnerability of the executable file cmxddnsd of the TP-Link Omada er605 microcontroller software is related to the use of weak security mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context...
The vulnerability of TP-Link Omada er605’s microprogramming software arises from incorrect processing of DDNS error codes, allowing a intruder to execute any arbitrary code in the root context.
The vulnerability of TP-Link Omada er605 microprogramming software is caused by incorrect processing of DDNS error codes. Exploiting this vulnerability allows a remote attacker to execute any code within the root context...
CVE-2024-5267
Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...
CVE-2024-5267 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability
Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...
CVE-2024-5267
CVE-2024-5267 describes a vulnerability in Sonos Era 100 where the SMB2 message handling allows an out-of-bounds write that can execute code with root privileges. The flaw comes from inadequate validation of user-supplied data, enabling a network-adjacent attacker (no authentication required) to ...
CVE-2024-5267 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability
Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The...
PT-2024-35407 · Sonos · Sonos Era 100
Name of the Vulnerable Software and Affected Versions: Sonos Era 100 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this issue...
Lexmark CX331adwe Firmware Downgrade Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /usr/bin/hydra service, which listens on TCP port 9100 by...
(Pwn2Own) Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Untrusted Search Path Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...
(0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the executeWmicCmd method. The...
CVE-2024-5298
D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existi...
CVE-2024-5291
D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2024-5228
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this...