Lucene search
K

5 matches found

CVE
CVE
added 9 hours ago10 views

CVE-2026-61875

The vulnerability is in luci-app-upnp (OpenWrt LuCI) and is a stored cross-site scripting (XSS) flaw in the UPnP IGD AddPortMapping SOAP request. An unauthenticated LAN client can submit malicious HTML in the NewPortMappingDescription field; miniupnpd stores it and luci-app-upnp renders it withou...

8.8CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 12:0 a.m.42 views

CVE-2026-36608

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 2:15 a.m.5 views

CVE-2023-35722

NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...

8.8CVSS7.9AI score0.01258EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.16 views

NETGEAR RAX30 安全漏洞

The NETGEAR RAX30 is a wireless router from NETGEAR. The NETGEAR RAX30 suffers from a command injection vulnerability that stems from a command injection vulnerability when processing UPnP port mapping requests, which can be exploited by an attacker to execute arbitrary commands...

8.8CVSS8AI score0.01258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/08 12:0 a.m.6 views

PT-2023-3417 · NetGear · Netgear Rax30

Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this issue. The...

8.8CVSS7.4AI score0.01258EPSS
Exploits0References9
Rows per page
Query Builder