6472 matches found
CVE-2026-31847
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
CVE-2026-31847
CVE-2026-31847 concerns Nexxt Solutions Nebula 300+ devices running firmware up to 12.01.01.37. A hidden functionality in the /goform/setSysTools endpoint can remotely enable Telnet, which then exposes a privileged diagnostic management interface over the network. This increases attack surface an...
CVE-2026-31847 Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
CVE-2026-31847 Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
PT-2026-27114
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface...
Nexxt Solutions Nebula 300+ 安全漏洞
The Nexxt Solutions Nebula 300+ is a wireless router produced by the American company Nexxt Solutions. Versions of the Nebula 300+ prior to 12.01.01.37 contain security vulnerabilities. These vulnerabilities stem from a hidden feature in the /goform/setSysTools endpoint, which may lead to the...
EUVD-2019-19922
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25590
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25590
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25590 Axessh 4.2 Denial of Service via Log File Name
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
CVE-2019-25590
CVE-2019-25590 : Axessh 4.2 suffers a denial-of-service flaw in the logging configuration. A local attacker can crash the application by supplying an excessively long string in the log file name field when session logging is enabled; the crash is triggered during a Telnet session establishment af...
PT-2026-26978
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log...
Exploit for CVE-2026-32746
CVE-2026-32746 - telnetd LINEMODE SLC Buffer Overflow Pre-aut...
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon telnetd that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746 , carries a CVSS score...
EUVD-2026-12789
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-22321 Stack-Based Buffer Overflow in CLI Login Username Handling over CLI
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
CVE-2026-22321
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain...
CVE-2026-22320
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2026-22320
A stack-based buffer overflow in the CLI’s TFTP file-transfer command handling can be triggered by a low-privileged attacker with Telnet/SSH access by supplying an unexpected or oversized filename input. This memory corruption affects the internal buffer, rendering the CLI and web dashboard unava...
PT-2026-26036
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...