336 matches found
CVE-2022-25552
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formfastsettingwifiset. This vulnerability allows attackers to cause a Denial of Service DoS via the ssid parameter...
Lantronix PremierWave 2050 Web Manager Wireless Network Scanner OS command injection vulnerability
Summary An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
RaspAP 操作系统命令注入漏洞
RaspAP is a simple wireless AP setup and management for Debian-based devices. An operating system command injection vulnerability exists in RaspAP, which stems from the failure to properly filter "interface", "ssid" in /hostapd in RaspAP versions 2.6 through 2.6.5, ";", "$" and other special...
TP-Link WR2041 缓冲区错误漏洞
TP-Link WR2041 is a wireless WIFI from TP-Link. A buffer error vulnerability exists in the TP-Link WR2041 v1 firmware, which can be exploited to cause a denial of service by sending an HTTP request with a long "ssid" parameter to the "userRpm The vulnerability can be exploited to cause a Denial o...
CVE-2020-27980
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users...
Genexis Platinum-4410 Cross Site Scripting
Exploit Title: Persistent XSS in SSID Date: 10/24/2020 Exploit Author: Amal Mohandas Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Vulnerability Details ====================== Genexis Platinum-4410 Home Gateway...
Genexis Platinum-4410 - 'SSID' Persistent XSS
Exploit Title: Persistent XSS in SSID Date: 10/24/2020 Exploit Author: Amal Mohandas Vendor Homepage: https://genexis.co.in/product/ont/ Version: Platinum-4410 Software version - P4410-V2-1.28 Tested on: Windows 10 Vulnerability Details ====================== Genexis Platinum-4410 Home Gateway...
CVE-2019-3985
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...
Command injection
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...
CVE-2018-18707
An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value...
Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE
Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage: https://nest.com/ Affected: Dropcam, Dropcam Pro, Nest Cam Indoor/Outdoor models ...
CVE-2015-5992
Cross-site scripting XSS vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...
CVE-2015-5992
Cross-site scripting XSS vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone PLDT SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...
Phillipine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 Cross-Site Scripting Vulnerabilities
The Phillipine Long Distance Telephone PLDT SpeedSurf 504AN and the Kasda KW58293 are modem and router all-in-one units. The PLDT SpeedSurf 504AN and Kasda KW58293 form2WlanSetup.cgi page fails to adequately filter the 'ssid' parameter, allowing a remote attacker to exploit the vulnerability by...
Sql injection
SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter...
Sql injection
SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter...