CVE-2023-46306

The web administration interface in NetModule Router Software NRSW 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php deviceid parameter. This occurs because another thread can be start...

NetModule Router Software Operating System Command Injection Vulnerability

NetModule Router Software is a router from NetModule. A security vulnerability exists in NetModule Router Software NRSW versions 4.6.x prior to 4.6.0.106 and 4.8.x prior to 4.8.0.101, which originates from the construction of operating system commands using unpurified user input, and which can be...

CVE-2023-46306

The web administration interface in NetModule Router Software NRSW 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php deviceid parameter. This occurs because another thread can be start...

CVE-2023-46306

NetModule Router Software (NRSW) versions affected: 4.6.x before 4.6.0.106 and 4.8.x before 4.8.0.101. The web admin interface constructs OS commands from unsanitized input in /admin/gnssAutoAlign.php device_id, due to a race/cleanup timing issue enabling execution of arbitrary commands with elev...

The vulnerability of the manage_post function in the microprogramming software of industrial Wi-Fi routers Yifan YF325 allows a hacker to execute arbitrary code.

The vulnerability of the managepost function in the microprogramming software for industrial Wi-Fi routers Yifan YF325 is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

The vulnerability of the software for creating wireless routers based on Debian RaspAP, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.

The vulnerability of the software for creating wireless routers based on Debian RaspAP is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted POST request with t...

The vulnerability of the addWifiMacFilter function in the microprogramming software for Tenda AC10U allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the addWifiMacFilter function in the Tenda AC10U router software lies in the fact that the operation’s output goes beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...

The vulnerability of the SetWifiDownSettings function in the D-Link DIR-823G router’s microprogramming software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SetWifiDownSettings function in the D-Link DIR-823G router’s microprogramming system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

The vulnerability of the set_qos function in the Milesight UR32L router software allows a hacker to execute arbitrary code.

The vulnerability of the setqos function in the Milesight UR32L router microprogramming system arises due to a stack-based buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of the set_dmvpn function in the Milesight UR32L router’s microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the setdmvpn function in Milesight UR32L router microprogramming software arises due to a stack-based buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of the formSetClientState function in the microprogramming software for Tenda FH1203 allows a hacker to execute arbitrary code.

The vulnerability of the formSetClientState function in Tenda FH1203 router microprogramming software is related to the ability to write data outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the addWifiMacFilter function in the microprogramming-based router software Tenda FH1203 allows a hacker to execute arbitrary code.

The vulnerability of the addWifiMacFilter function in the microprogrammed routing software Tenda FH1203 lies in the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of Moxa TN-5900 series router microprogramming software, related to inconsistencies in responses to incoming requests, allows attackers to gain unauthorized access to protected information.

The vulnerability of Moxa TN-5900 series router microprogramming software is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability of the Efficient Multicast Forwarding module (EMF) in microprogrammed routing software from TOTOLINK, TP-LINK, ASUS, Arris, Buffalo, D-Link, Linksys, Netgear, TRENDnet, Xiaomi, Linksys, Luxul, Phicomm, Ubee allows a hacker to execute arbitrary code.

The vulnerability of the Efficient Multicast Forwarding EMF module in microprogrammed router software from TOTOLINK, TP-LINK, ASUS, Arris, Buffalo, D-Link, Linksys, Netgear, TRENDnet, Xiaomi, Luxul, Phicomm, and Ubee lies in the execution of operations outside the buffer in memory. Exploiting thi...

The vulnerability of the microprogramming software of Zyxel LTE3202-M437 and LTE3316-M604 allows attackers to enhance their privileges and gain access to the device.

The vulnerability of Zyxel LTE3202-M437 and LTE3316-M604 router microprogramming software is related to deficiencies in access control. Exploiting this vulnerability can allow a remote attacker to enhance their privileges and gain access to the device via the TELNET network protocol...

The vulnerability of the formWriteFacMac function in the Tenda AC1206 router software allows a hacker to execute arbitrary commands.

The vulnerability of the formWriteFacMac function in the Tenda AC1206 router microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow an attacker operating remotely to execute arbitrary commands...

CVE-2023-20072

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service DoS condition. This vulnerability is due to the improper handling of large...

The vulnerability of the packet processing and fragmentation mechanism in Cisco IOS XE tunnel protocol allows a attacker to trigger a service failure.

The vulnerability of the packet processing and fragmentation mechanism in Cisco IOS XE operating systems is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Cisco IOS XR 安全漏洞

Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which stems from a security issue in GRand Unified Bootloader GRUB, which can be exploited by an attacker to view sensitive files on the console using the GRUB bootload...

The vulnerability of the lform/net_diagnose component of Delta Electronics’ DX-2100-L1-CN microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the lform/netdiagnose component of Delta Electronics’ DX-2100-L1-CN router software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...