41 matches found
PT-2024-6664 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100G version 17.12.20A1 Description: The issue is related to a command injection vulnerability via the sub47A60C function in the upgrade filter.asp file. This vulnerability is associated with the failure to neutralize special...
CVE-2024-7182
A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The...
CVE-2024-34204
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...
CVE-2024-31809
TOTOLINK EX200 V4.0.3c.7646B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function...
CVE-2023-51092
Tenda M3 V1.0.0.124856 was discovered to contain a stack overflow via the function upgrade...
PT-2023-31762 · Tenda · Tenda M3
Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.124856 Description: A stack overflow issue was discovered via the upgrade function. Recommendations: For Tenda M3 version 1.0.0.124856, consider disabling the upgrade function until a patch is available. At the moment,...
newGovernance COULD BE SET TO A WRONG ADDRESS THUS FREEZING CERTAIN FUNCTIONS
Lines of code Vulnerability details Impact The AxelarGateway.transferGovernance function is used to set the newGovernance address in the storage of the AxelarGateway contract. It is performed as follows: function transferGovernance(address newGovernance) external override onlyGovernance { if...
PT-2023-12946 · Totolink · Totolink Outdoor Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLink outdoor CPE CP900 version 6.3c.566 B20171026 Description: A command injection issue exists in the setUpgradeFW function via the filename parameter, allowing attackers to execute arbitrary commands through a crafted request...
CVE-2022-48072
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...
Command injection
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...
Command injection
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...
CVE-2022-48070
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function...
CVE-2020-25755
An issue was discovered on Enphase Envoy R3.x and D4.x and other current devices. The upgradestart function in /installer/upgradestart allows remote authenticated users to execute arbitrary commands via the force parameter...
CVE-2021-27811
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able to execute arbitrary PHP code via exploitation of clientupgradeedition.php and Upgrade.php...
Code injection
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able to execute arbitrary PHP code via exploitation of clientupgradeedition.php and Upgrade.php...