482 matches found

Positive Technologies
added 2024/03/28 12:00 a.m. · 5 views

PT-2024-23515 · Tenda · Tenda F1203

Name of the Vulnerable Software and Affected Versions: Tenda FH1203 version 2.0.1.6

Description: The issue is related to a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. This vulnerability can be exploited, potentially leading to unintended behavior or...

CVSS 8 · AI score 7.4 · EPSS 0.00698
Exploits 1 · References 3

BDU FSTEC
added 2024/03/27 12:00 a.m. · 3 views

A vulnerability in the fromSetSysTime() function (/goform/SetSysTimeCfg) of the Tenda AC15 router's firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in the fromSetSysTime function (/goform/SetSysTimeCfg) of the Tenda AC15 router's firmware is an operation that goes beyond the bounds of a memory buffer when processing the time parameter. Exploiting this vulnerability could allow an attacker to...

CVSS 10 · AI score 7.9 · EPSS 0.01298
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2024/03/26 12:00 a.m. · 3 views

Tenda AC7 security vulnerability

Tenda AC7 is a 1200M dual-band wireless router designed for large households by Tenda Technology, which adopts 802.11ac standard and supports dual-band concurrent transmission with wireless rate up to 1167Mbps. Tenda AC7 suffers from a buffer overflow vulnerability, which originates from a buffer...

CVSS 9 · AI score 7.4 · EPSS 0.01683
Exploits 1 · References 5

OSV
added 2024/03/24 6:15 a.m. · 4 views

CVE-2024-2855

A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched...

CVSS 9.8 · AI score 6.3
Exploits 0 · References 3

CNNVD
added 2024/03/24 12:00 a.m. · 3 views

Tenda AC15 security vulnerability

Tenda AC15 is a wireless router from Tenda, China. A security vulnerability exists in Tenda AC15 version 15.03.05.18, which is caused by a stack-based buffer overflow in the time parameter of the fromSetSysTime method on the /goform/SetSysTimeCfg page...

CVSS 9.8 · AI score 9.1 · EPSS 0.01298
Exploits 1 · References 4

Positive Technologies
added 2024/03/16 12:00 a.m. · 4 views

PT-2024-2395 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.05.19 and version 15.03.20

Description: A critical vulnerability was found in the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to a...

CVSS 10 · AI score 8.9 · EPSS 0.01298
Exploits 1 · References 8

OSV
added 2024/02/21 9:15 p.m. · 4 views

CVE-2023-24334

A stack overflow vulnerability in Tenda AC23 with firmware version USAC23V1.0reV16.03.07.45cnTDC01 allows attackers to run arbitrary commands via schedStartTime parameter...

CVSS 8 · AI score 6.1 · EPSS 0.00489
Exploits 1 · References 1

Positive Technologies
added 2024/01/29 12:00 a.m. · 6 views

PT-2024-1316 · Totolink · Totolink N200Re

Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216

Description: A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, where manipulation of the eTime argument leads to a stack-based buffer overflow. This can be...

CVSS 9 · AI score 7.2 · EPSS 0.01485
Exploits 1 · References 8

Code423n4
added 2024/01/28 12:00 a.m. · 15 views

update_market() market weight incorrect

Vulnerability details: In update_market, we need to get the weight percentage of the corresponding market epoch through gaugeController, then allocate cantoPerBlockepoch according to the percentage. The main logic code is as follows: function updatemarketaddress...

AI score 7.1
Exploits 0

OSV
added 2024/01/08 4:15 a.m. · 4 views

CVE-2024-0296

A vulnerability has been found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to os command injection. The attack can be initiated remotel...

CVSS 9.8 · AI score 5.6 · EPSS 0.03834
Exploits 1 · References 3

BDU FSTEC
added 2024/01/02 12:00 a.m. · 5 views

A vulnerability in the NTPSyncWithHost interface of the TOTOlink EX1800T Wi-Fi range extender software allows an intruder to execute arbitrary commands.

The vulnerability in the NTPSyncWithHost interface of the TOTOlink EX1800T Wi-Fi range extender software exists due to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using th...

CVSS 10 · AI score 8.1 · EPSS 0.0097
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2023/12/28 12:00 a.m. · 4 views

PT-2023-29424 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0

Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the time parameter of the "update.php" resource does not validate the characters received and they are sent...

AI score 7.4
Exploits 0 · References 3

ATTACKERKB
added 2023/12/22 6:15 p.m. · 7 views

CVE-2023-51023

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘hosttime’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi...

CVSS 9.8 · AI score 6.1 · EPSS 0.0097
Exploits 1 · References 2

CNNVD
added 2023/12/22 12:00 a.m. · 3 views

TOTOLINK EX1800T security vulnerability

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T version v9.1.0cu.2112B20220316. The vulnerability stems from the hosttime parameter of the NTPSyncWithHost interface of cstecgi.cgi failing to...

CVSS 9.8 · AI score 7.3 · EPSS 0.0097
Exploits 1 · References 2

Positive Technologies
added 2023/12/22 12:00 a.m. · 6 views

PT-2023-31294 · Unknown · Job Portal

Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0

Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTime parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are sen...

AI score 8
Exploits 0 · References 4

Positive Technologies
added 2023/12/22 12:00 a.m. · 6 views

PT-2023-8034 · Totolink · Totolink Ex1800T

Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316

Description: The issue concerns arbitrary command execution in the host time parameter of the NTPSyncWithHost interface of the cstecgi.cgi. This vulnerability exists due to the lack of measures...

CVSS 9.8 · AI score 9.7 · EPSS 0.0097
Exploits 1 · References 6

ATTACKERKB
added 2023/12/20 10:15 p.m. · 1 view

CVE-2023-50987

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function...

CVSS 9.8 · AI score 6.1 · EPSS 0.00869
Exploits 1 · References 3

ATTACKERKB
added 2023/12/20 10:15 p.m. · 1 view

CVE-2023-50986

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function...

CVSS 9.8 · AI score 6.1 · EPSS 0.00869
Exploits 1 · References 3

OSV
added 2023/12/20 10:15 p.m. · 3 views

CVE-2023-50986

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function...

CVSS 9.8 · AI score 6.2 · EPSS 0.00869
Exploits 1 · References 2

OSV
added 2023/12/20 10:15 p.m. · 4 views

CVE-2023-50987

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function...

CVSS 9.8 · AI score 6.1 · EPSS 0.00869
Exploits 1 · References 2