26 matches found
CVE-2026-50224
The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...
CVE-2026-50224
CVE-2026-50224 describes that the web administration panel binds broadly to the public IPv6 space on port [::]:8080 with no default firewall limits, making internal API endpoints reachable over the WAN. The NVD entry cites a network attack vector with low exploit complexity and no user interactio...
EUVD-2026-28591
Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...
CVE-2026-8077 Weak credentials vulnerability in the CashDro 3 web administration panel
Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escala...
EUVD-2020-9451
Malware in sbrugna...
EUVD-2020-22909
Malware in sbrugna...
EUVD-2020-9450
Malware in sbrugna...
CVE-2024-22733
TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker...
CVE-2020-35230
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack...
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests...
CVE-2020-17502
Barco TransForm N before 3.8 allows Command Injection issue 2 of 4. The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...
CVE-2024-22733
TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker...
CVE-2024-22733
TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker...
CVE-2024-22733
TP-Link MR200 V4 firmware 210201 is affected by a null-pointer-dereference in the web administration panel at /cgi/login via the sign, Action, or LoginStatus parameters, leading to denial of service by unauthenticated remote/local attackers. The issue affects the web login handler and is document...
PT-2024-7994 · Tp Link · Tp-Link Mr200
Name of the Vulnerable Software and Affected Versions: TP-Link MR200 version 210201 Description: The issue is related to a null-pointer-dereference problem in the web administration panel of the TP-Link MR200. This problem occurs on the "/cgi/login" endpoint via the sign, Action, or LoginStatus...
The vulnerability in the web-based administration panel of Microprogramming software for Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 allows a intruder to trigger a service failure or execute arbitrary code.
The vulnerability of the web-based administration panel of Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 networking devices is related to insufficient verification of input parameters. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary cod...
The vulnerability in the web administration panel of Microprogrammed software for Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 allows a hacker to add IP addresses to a white list.
The vulnerability of the web-based administration panel of Microprogramming software for Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 lies in insufficient verification of input parameters. Exploiting this vulnerability allows an attacker to add IP addresses to a white list using the...
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests...
CVE-2020-17502
Barco TransForm N before 3.8 allows Command Injection issue 2 of 4. The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users of the administration panel to perform authenticated remote code execution. An...
CVE-2020-17503
The NDN-210 has a web administration panel which is made available over https. There is a command injection issue that will allow authenticated users to the administration panel to perform authenticated remote code execution. An issue exists in splitcardcmd.php in which the http parameter "lockin...