Lucene search
K

746 matches found

CVE
CVE
added 2024/05/23 9:55 p.m.82 views

CVE-2024-5228

The vulnerability CVE-2024-5228 affects TP-Link Omada ER605 routers, caused by a heap-based buffer overflow in Comexe DDNS response handling. The flaw stems from insufficient validation of the length of user-supplied DNS data before copying it into a fixed-length heap buffer, enabling remote code...

7.5CVSS8AI score0.00513EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/23 9:30 p.m.22 views

CVE-2024-5299 D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS9.2AI score0.01819EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/23 9:30 p.m.24 views

CVE-2024-5297 D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication...

8.8CVSS9.2AI score0.01929EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/23 9:29 p.m.15 views

CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...

8.8CVSS8AI score0.01966EPSS
Exploits0References1
CVE
CVE
added 2024/05/23 9:29 p.m.133 views

CVE-2024-5291

CVE-2024-5291 affects D-Link DIR-2150. The vulnerability resides in the SOAP API interface listening on TCP port 80, where insufficient validation of a user-supplied string before executing a system call allows network-adjacent attackers to achieve remote code execution in the router context (roo...

8.8CVSS9.2AI score0.01966EPSS
Exploits0References1Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/05/23 12:0 a.m.32 views

(Pwn2Own) TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific fl...

7.5CVSS7.5AI score0.00791EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/23 12:0 a.m.25 views

(Pwn2Own) TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The...

7.5CVSS7.5AI score0.0071EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/05/19 12:0 a.m.54 views

(Pwn2Own) QNAP TS-464 authLogin SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the authLogin...

8.8CVSS7.8AI score0.18677EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 11:15 p.m.18 views

CVE-2023-35748

D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...

8.8CVSS9.1AI score0.00593EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/05/07 11:15 p.m.2 views

CVE-2022-43654

NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists with...

8.8CVSS6.3AI score0.01144EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/07 11:15 p.m.37 views

CVE-2021-34982

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS9.2AI score0.00576EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/07 10:55 p.m.36 views

CVE-2023-35748 D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...

8.8CVSS9.2AI score0.00593EPSS
Exploits0References2
CVE
CVE
added 2024/05/07 10:54 p.m.66 views

CVE-2022-43654

Summary: CVE-2022-43654 affects NETGEAR CAX30S routers via a pre-auth RCE caused by improper validation of a user-supplied string in the token parameter passed to the sso.php endpoint, allowing a network-adjacent attacker to execute code as root. The issue is described as a command injection vuln...

8.8CVSS9.1AI score0.01144EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/07 10:54 p.m.75 views

CVE-2021-34947

The CVE-2021-34947 entry describes a NETGEAR R7800 net-cgi Out-of-Bounds Write Remote Code Execution vulnerability. The flaw is in parsing of the soap_block_table, caused by insufficient validation of user-supplied data, allowing a write past the end of an allocated structure. This enables networ...

8.8CVSS9AI score0.00549EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2024/05/03 11:22 a.m.57 views

CVE-2023-27349

A vulnerability was found in the BlueZ Audio Profile AVRCP, stemming from the improper validation of array indices. This flaw resides in the AVRCP protocol handling and arises due to inadequate validation of user-supplied data. Consequently, it may lead to writing beyond the bounds of an allocate...

7.1CVSS7AI score0.01427EPSS
Exploits0References4
NVD
NVD
added 2024/05/03 3:16 a.m.28 views

CVE-2023-51625

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...

8CVSS8.4AI score0.01707EPSS
Exploits0References2
OSV
OSV
added 2024/05/03 3:16 a.m.6 views

CVE-2023-51619

D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

6.8CVSS6.3AI score0.01126EPSS
Exploits0References2
NVD
NVD
added 2024/05/03 3:16 a.m.41 views

CVE-2023-51617

D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability...

6.8CVSS7.1AI score0.01126EPSS
Exploits0References2
NVD
NVD
added 2024/05/03 3:16 a.m.26 views

CVE-2023-50229

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

8CVSS7.5AI score0.0229EPSS
Exploits0References3
NVD
NVD
added 2024/05/03 3:16 a.m.24 views

CVE-2023-50216

D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific...

8.8CVSS9.2AI score0.00916EPSS
Exploits0References2
Rows per page
Query Builder