Lucene search
K

123 matches found

NVD
NVD
added 2021/12/30 10:15 p.m.27 views

CVE-2021-20173

Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...

8.8CVSS0.03199EPSS
Exploits1References1
Prion
Prion
added 2021/12/30 10:15 p.m.24 views

Default configuration

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...

5CVSS7.4AI score0.00589EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/30 9:31 p.m.15 views

CVE-2021-20175

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...

7.6AI score0.00589EPSS
Exploits0References1
CVE
CVE
added 2021/12/30 9:31 p.m.59 views

CVE-2021-20175

Netgear Nighthawk R6700 (firmware 1.0.4.120) exposes its SOAP interface on port 5000 and communicates over HTTP by default, causing credentials and other sensitive data to be transmitted in cleartext. Root cause: lack of secure transport for SOAP API calls. Impact: potential exposure of usernames...

7.5CVSS7.3AI score0.00589EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/12/30 9:31 p.m.61 views

CVE-2021-20173

Netgear Nighthawk R6700 router (firmware 1.0.4.120) is affected by a command-injection vulnerability in the update functionality exposed via the SOAP interface. A system update check can be triggered with preconfigured values to inject commands. Root cause: insecure handling in the update/SOAP pa...

8.8CVSS8.8AI score0.03199EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/12/30 12:0 a.m.5 views

Netgear Nighthawk R6700操作系统命令注入漏洞

The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. A command injection vulnerability exists in the Netgear Nighthawk R6700, which stems from the fact that the product supports update checking via the soap interface and can be injected with a pre-set value. No details of the...

8.8CVSS5.6AI score0.03199EPSS
Exploits1References3
Rapid7 Blog
Rapid7 Blog
added 2021/04/09 7:17 p.m.128 views

Metasploit Wrap-Up

Spilling the Gitea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user’s ability to create Git hooks by authenticating with the web interface, creating a dummy...

10CVSS0.3AI score0.98376EPSS
Exploits29
ATTACKERKB
ATTACKERKB
added 2021/03/22 12:0 a.m.86 views

CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. Recent assessments: zeroSteiner at March 31, 2021 1:24pm UTC reported: This vulnerability is pretty straightforward to exploit. It is due to an...

10CVSS1.2AI score0.97969EPSS
Exploits11References14
OSV
OSV
added 2020/06/10 1:15 p.m.6 views

CVE-2020-4432

Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810...

7.5CVSS7.2AI score0.03423EPSS
Exploits0References2
OSV
OSV
added 2020/05/18 4:15 p.m.5 views

CVE-2020-11550

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitra...

6.5CVSS7AI score0.01568EPSS
Exploits1References3
NVD
NVD
added 2020/05/18 4:15 p.m.24 views

CVE-2020-11550

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitra...

7.4CVSS6.8AI score0.01568EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/05/18 3:45 p.m.20 views

CVE-2020-11551

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...

9.6CVSS8.9AI score0.01651EPSS
Exploits1References3
OSV
OSV
added 2020/02/24 7:15 p.m.3 views

CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

9.1CVSS7.3AI score0.00711EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/01/29 12:0 a.m.3 views

The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager DCNM system exists due to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, an...

9CVSS6.9AI score0.14322EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2019/10/04 10:2 p.m.16 views

CVE-2008-1515

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."...

6.4CVSS7AI score0.02015EPSS
Exploits0References3
Metasploit
Metasploit
added 2019/01/19 1:45 p.m.53 views

SAP Management Console List Config Files

This module attempts to list the config files through the SAP Management Console SOAP Interface. Returns a list of config files found in the SAP configuration with its absolute paths inside the server filesystem. This module requires Metasploit: https://metasploit.com/download Current source:...

7.2AI score
Exploits0
Prion
Prion
added 2019/01/09 11:29 p.m.17 views

Design/Logic Flaw

Aterm WF1200CR and Aterm WG1200CR Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP...

8.3CVSS8.9AI score0.00729EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/01/09 10:0 p.m.26 views

CVE-2018-16195

Aterm WF1200CR and Aterm WG1200CR Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP...

9AI score0.00729EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/12/14 12:0 a.m.118 views

JVN#87535892: Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. Information disclosure CWE-200 - CVE-2018-16192 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 4.3 CVSS v2|...

9CVSS7.1AI score0.01399EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/06/30 12:0 a.m.37 views

IBM Tivoli Monitoring SOAP Interface Insecure Configuration Remote SOAP Query Information Disclosure

IBM Tivoli Monitoring, a network asset monitoring platform, is installed on the remote Windows host and is using an insecure configuration. It is, therefore, affected by an information disclosure vulnerability in the SOAP interface due to an insecure default configuration. An unauthenticated,...

5.3CVSS6.5AI score0.01302EPSS
Exploits0References2
Rows per page
Query Builder