Lucene search
K

325 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:53 a.m.5 views

CVE-2018-14528

Invoxia NVX220 devices allow TELNET access as admin with a default password...

10CVSS7.1AI score0.01961EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:8 a.m.11 views

CVE-2010-2967

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a 1 telnet, 2 rlogin, or 3 FTP session...

7.8CVSS6.9AI score0.01716EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.4 views

Tenda RX2 Pro Security Bypass Vulnerability (CNVD-2025-13838)

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. A security bypass vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to cause telnet access to be enabled...

6.5CVSS7AI score0.05369EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/09 12:0 a.m.15 views

CVE-2025-28202

Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...

0.00473EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.6 views

PT-2025-19946 · Tenda · Tenda Rx3

Name of the Vulnerable Software and Affected Versions: Tenda RX3 version 16.03.13.11 multi Description: A critical issue affects the processing of the file /goform/telnet, leading to command injection. The attack may be initiated remotely. Recommendations: For Tenda RX3 version 16.03.13.11 multi,...

9.8CVSS5.1AI score0.12701EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/05/03 1:41 a.m.16 views

CVE-2025-46631

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request...

6.5CVSS7.4AI score0.05369EPSS
Exploits1References1
NVD
NVD
added 2025/05/01 8:15 p.m.10 views

CVE-2025-46631

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request...

6.5CVSS0.05369EPSS
Exploits1References2
OSV
OSV
added 2025/05/01 8:15 p.m.7 views

CVE-2025-46631

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request...

6.5CVSS5.9AI score0.05369EPSS
Exploits1References2
OSV
OSV
added 2025/05/01 8:15 p.m.5 views

CVE-2025-46627

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address...

8.2CVSS5.8AI score0.00357EPSS
Exploits1References2
CVE
CVE
added 2025/05/01 12:0 a.m.67 views

CVE-2025-46631

CVE-2025-46631 concerns Tenda RX2 Pro (firmware 16.03.30.14). The issue is improper access controls in the web management portal that allow an unauthenticated remote attacker to enable telnet access to the router OS by sending a request to the vulnerable endpoint "/goform/telnet". This is support...

6.5CVSS7.1AI score0.05369EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.4 views

Tenda RX2 Pro 安全漏洞

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from a weak credentials vulnerability that stems from the use of weak credentials, which can be exploited by an attacker to authenticate to a telnet service by calculating the root password bas...

8.2CVSS7.1AI score0.00357EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.5 views

Mitel ICP VoIP 3100 安全漏洞

The Mitel ICP VoIP 3100 is a full-featured IP communications solution designed for small and medium-sized businesses and branch offices from Mitel Canada. u200b A security vulnerability exists in the Mitel ICP VoIP 3100 that originates from a system error during TELNET login waiting that disclose...

5.6CVSS6.5AI score0.01512EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/13 11:30 p.m.19 views

CVE-2024-35396

TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a hardcoded password for telnet in /webcste/cgi-bin/product.ini, which allows attackers to log in as root...

9.8CVSS7.4AI score0.00554EPSS
Exploits0References4
OSV
OSV
added 2025/02/10 7:15 p.m.4 views

CVE-2024-46436

Hardcoded credentials in Tenda W18E V16.01.0.81625 allows unauthenticated remote attackers to gain root access to the device over the telnet service...

8.3CVSS6AI score0.00432EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/07 9:43 a.m.13 views

CVE-2024-40891

UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00AAFR.4C020170615 could allow an authenticated attacker to execute operating system OS commands on an affected device via Telnet...

8.8CVSS7.7AI score0.19735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:7 a.m.6 views

CVE-2024-28751

An high privileged remote attacker can enable telnet access that accepts hardcoded credentials...

9.1CVSS6.4AI score0.00592EPSS
Exploits0References1
CVE
CVE
added 2025/02/04 10:2 a.m.210 views

CVE-2024-40891

CVE-2024-40891 affects Zyxel VMG4325-B10A legacy DSL CPE with firmware 1.00(AAFR.4)C0_20170615. A post-authentication command injection in the device management commands could let an authenticated attacker run OS commands via Telnet, enabling potentially full takeover of the device (high risk, ne...

8.8CVSS7.8AI score0.19735EPSS
In wildExploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/30 12:0 a.m.9 views

The vulnerability of Zyxel network device software of the CPE series exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability of Zyxel network devices of the CPE series exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with privileges as “supervisor” or...

10CVSS8.4AI score0.19735EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2025/01/28 12:0 a.m.5 views

VulnCheck KEV: CVE-2024-40891

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...

8.8CVSS5.9AI score0.19735EPSS
Exploits0References1
CNVD
CNVD
added 2024/11/15 12:0 a.m.10 views

D-Link DSL6740C Incorrect Use of Privileged API Vulnerability

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. A security vulnerability exists in the D-Link DSL6740C, which can be exploited by an attacker to modify arbitrary user passwords and later log in to Web, SSH, and Telnet services via certain APIs...

9.8CVSS6.8AI score0.01174EPSS
Exploits0References1
Rows per page
Query Builder