746 matches found
CVE-2024-5228
The vulnerability CVE-2024-5228 affects TP-Link Omada ER605 routers, caused by a heap-based buffer overflow in Comexe DDNS response handling. The flaw stems from insufficient validation of the length of user-supplied DNS data before copying it into a fixed-length heap buffer, enabling remote code...
CVE-2024-5299 D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability
D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing...
CVE-2024-5297 D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability
D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication...
CVE-2024-5295 D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2024-5291
CVE-2024-5291 affects D-Link DIR-2150. The vulnerability resides in the SOAP API interface listening on TCP port 80, where insufficient validation of a user-supplied string before executing a system call allows network-adjacent attackers to achieve remote code execution in the router context (roo...
(Pwn2Own) TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific fl...
(Pwn2Own) TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The...
(Pwn2Own) QNAP TS-464 authLogin SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the authLogin...
CVE-2023-35748
D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...
CVE-2022-43654
NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists with...
CVE-2021-34982
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-35748 D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit...
CVE-2022-43654
Summary: CVE-2022-43654 affects NETGEAR CAX30S routers via a pre-auth RCE caused by improper validation of a user-supplied string in the token parameter passed to the sso.php endpoint, allowing a network-adjacent attacker to execute code as root. The issue is described as a command injection vuln...
CVE-2021-34947
The CVE-2021-34947 entry describes a NETGEAR R7800 net-cgi Out-of-Bounds Write Remote Code Execution vulnerability. The flaw is in parsing of the soap_block_table, caused by insufficient validation of user-supplied data, allowing a write past the end of an allocated structure. This enables networ...
CVE-2023-27349
A vulnerability was found in the BlueZ Audio Profile AVRCP, stemming from the improper validation of array indices. This flaw resides in the AVRCP protocol handling and arises due to inadequate validation of user-supplied data. Consequently, it may lead to writing beyond the bounds of an allocate...
CVE-2023-51625
D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this...
CVE-2023-51619
D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...
CVE-2023-51617
D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability...
CVE-2023-50229
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-50216
D-Link G416 awsfile tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific...