Lucene search
+L

140 matches found

NVD
NVD
added 2023/09/07 7:15 a.m.44 views

CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS9.2AI score0.01056EPSS
Exploits0References1
Prion
Prion
added 2023/09/07 7:15 a.m.24 views

Command injection

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

6.5CVSS9.2AI score0.01056EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/09/07 6:49 a.m.49 views

CVE-2023-39236

ASUS RT-AC86U Traffic Analyzer - Statistic function is vulnerable to command injection due to insufficient filtering of special characters. A remote attacker with regular user privileges can trigger arbitrary command execution, potentially corrupting the system or stopping services. Affected prod...

8.8CVSS9.2AI score0.01056EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/07 6:42 a.m.30 views

CVE-2023-38033 ASUS RT-AC86U - Command injection vulnerability - 3

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS9.3AI score0.01056EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/07 6:42 a.m.13 views

CVE-2023-38033 ASUS RT-AC86U - Command injection vulnerability - 3

ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS8.4AI score0.01056EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/07 6:30 a.m.20 views

CVE-2023-38032 ASUS RT-AC86U - Command injection vulnerability - 2

ASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS8.4AI score0.01056EPSS
Exploits0References1
CVE
CVE
added 2023/09/07 6:30 a.m.55 views

CVE-2023-38032

CVE-2023-38032 affects the ASUS RT-AC86U router’s AiProtection security-related function. The root cause is insufficient filtering of special characters, enabling a remote attacker with regular user privileges to perform a command injection and execute arbitrary commands, potentially disrupting t...

8.8CVSS9.2AI score0.01056EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/09/07 4:15 a.m.27 views

CVE-2023-38031

ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services...

8.8CVSS9.2AI score0.01056EPSS
Exploits0References1
NVD
NVD
added 2023/06/02 11:15 a.m.32 views

CVE-2023-28703

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...

7.2CVSS7.4AI score0.00886EPSS
Exploits0References1
NVD
NVD
added 2023/06/02 11:15 a.m.14 views

CVE-2023-28701

ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service...

9.8CVSS9.9AI score0.00868EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.30 views

CVE-2023-28703 ASUS RT-AC86U - Buffer Overflow

ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate...

7.2CVSS7.6AI score0.00886EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/05/02 12:0 a.m.5 views

The vulnerability of the microprogramming software in the embedded converter Moxa MiiNePort E1, related to the lack of authentication for a critical function, allows a intruder to gain access to the system configuration interface, enabling them to view, modify, or terminate services.

The vulnerability of the microprogramming software in the embedded converter Moxa MiiNePort E1 is related to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker to gain access to the system configuration interface, enabling them to view, modify,...

10CVSS7.8AI score0.00887EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/01/03 3:15 a.m.20 views

Authorization

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...

6.5CVSS8.6AI score0.00794EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2022/09/13 12:55 p.m.50 views

CVE-2022-39028

A flaw was found in MIT krb5-appl, where it has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. The telnetd application would crash in a typical installation, but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short ti...

7.5CVSS0.8AI score0.01657EPSS
Exploits1References3
NVD
NVD
added 2022/07/20 2:15 a.m.27 views

CVE-2022-32960

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...

6.8CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added 2022/07/20 2:15 a.m.6 views

CVE-2022-32960

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate...

6.8CVSS6.4AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2022/07/20 2:15 a.m.21 views

CVE-2022-32962

HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service...

6.8CVSS0.00219EPSS
Exploits0References1
Prion
Prion
added 2022/07/20 2:15 a.m.20 views

Stack overflow

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code,...

4.6CVSS7.1AI score0.0022EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/07/20 2:15 a.m.18 views

Stack overflow

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipula...

4.6CVSS7.1AI score0.0022EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/07/20 2:15 a.m.22 views

Double free

HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service...

4.6CVSS6.9AI score0.00219EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder