25 matches found
The vulnerability of the set_sys_time() function implementation in the Robustel R1510 software-defined VPN routers allows a hacker to execute arbitrary commands.
The vulnerability of the setsystime function implementation in Robustel R1510 VPN routers lies in the lack of measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending speciall...
CVE-2022-33329
Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/setsystime/...
CVE-2022-25457
Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function...
PT-2022-17295 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: A stack overflow issue was discovered via the ntpserver parameter in the SetSysTimeCfg function. Recommendations: For Tenda AC9 version 15.03.2.21, consider restricting access to the SetSysTimeCfg...
CVE-2022-25555
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the ntpServer parameter...