255 matches found
Checkmk Information Disclosure Vulnerability (CNVD-2023-32192)
Checkmk is an editor. An information disclosure vulnerability exists in the Checkmk Appliance that stems from inadequate protection of sensitive information in Webconf. An attacker could exploit the vulnerability by reading log files to retrieve passwords...
PT-2023-19051 · Seiko Epson · Seiko Epson Printers/Network Interface Web Config
Name of the Vulnerable Software and Affected Versions: SEIKO EPSON printers/network interface Web Config affected versions not specified Description: A cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with administrativ...
CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
CVE-2023-0432 CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
CVE-2023-0432
The CVE-2023-0432 issue affects Delta Electronics DX-2100-L1-CN routers, where the Web Configuration Service contains an authenticated command injection vulnerability. Exploitation could allow an attacker with web service credentials to execute OS commands as root, potentially compromising the de...
CVE-2023-0432 CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
The vulnerability of the web configuration service of Delta Electronics DX-2100-L1-CN microprogrammed router software allows a hacker to execute arbitrary code.
The vulnerability of the web configuration service of Delta Electronics DX-2100-L1-CN microprogrammed router software exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2025-6090 · Tenda · Tenda W18E
Name of the Vulnerable Software and Affected Versions: Tenda W18E version 16.01.0.81625 Description: The issue concerns Incorrect Access Control, allowing an attacker to send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function. This enables unauthorized changes to WiFi...
CVE-2022-48311
UNSUPPORTED WHEN ASSIGNED Cross Site Scripting XSS in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products tha...
Delta Electronics DX-2100 Series 跨站脚本漏洞
The Delta Electronics DX-2100 Series is a router from Delta Electronics China. A security vulnerability exists in Delta Electronics DX-2100-L1-CN version 1.5.0.10, which is caused due to a security issue in the "net diagnosis" function in the Web Configuration Service, and can be exploited in the...
Siemens SCALANCE X Authentication Bypass (CVE-2019-13933)
A vulnerability has been identified in SCALANCE X204RNA HSR, SCALANCE X204RNA PRP, SCALANCE X204RNA EEC HSR, SCALANCE X204RNA EEC PRP, SCALANCE X204RNA EEC PRP/HSR, SCALANCE X302-7 EEC 230V, SCALANCE X302-7 EEC 230V, coated, SCALANCE X302-7 EEC 24V, SCALANCE X302-7 EEC 24V, coated, SCALANCE X302-...
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
CyberDanube Security Research 20221130-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Delta Electronics DX-2100-L1-CN vulnerable version| V1.5.0.10 fixed version| V1.5.0.12 CVE number| - impact| High homepage|...
UBUNTU-CVE-2022-46146
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...
CVE-2022-37860
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability...
Command injection
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability...
CVE-2022-1264
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...
CVE-2022-1264
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...
Code injection
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...
CVE-2022-1264
Path traversal vulnerability CVE-2022-1264 affects Inductive Automation Ignition. An attacker with network access to the Ignition web configuration could run arbitrary code. Affected products: Ignition all 8.0 versions after 8.0.4, and all 8.1 versions prior to 8.1.10. MITIGATIONS: upgrade to Ign...
CVE-2022-1264 Inductive Automation Ignition
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code...