CVE-2025-8907 H3C M2 NAS Webserver Configuration unnecessary privileges

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

CVE-2025-8907 H3C M2 NAS Webserver Configuration unnecessary privileges

A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather hig...

📄 PivotX 3.0.0 RC 3 Remote Code Execution

This Metasploit module gains remote code execution in PivotX management system version 3.0.0 RC 3. The PivotX allows admin user to directly edit files on the webserver, including PHP files. The module exploits this by writing a malicious payload into index.php file, gaining remote code execution...

H3C M2 NAS 安全漏洞

H3C M2 NAS is a home private cloud disk from China's Xinhua San H3C. A security vulnerability exists in H3C M2 NAS version V100R006, which originates in the Webserver Configuration component that could lead to unwanted privilege execution...

PT-2025-32986 · H3C · H3C M2 Nas

Name of the Vulnerable Software and Affected Versions: H3C M2 NAS version V100R006 Description: A vulnerability exists in the Webserver Configuration component of H3C M2 NAS version V100R006. The vulnerability allows for execution with unnecessary privileges through manipulation. An attack must b...

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...

CVE-2025-54962

OpenPLC Runtime CVE-2025-54962 affects OpenPLC Runtime versions 3 through 9cd8f1b. The webserver’s /edit-user endpoint allows authenticated users to upload arbitrary files (e.g., .html, .svg); these uploads are stored under /static and become publicly accessible. The root cause is improper valida...

The vulnerability of the built-in web server boa (/boafrm/formPortFw) of TOTOLINK A702R router’s microprogramming software allows a hacker to induce a service failure.

The vulnerability of the built-in web server boa /boafrm/formPortFw of TOTOLINK A702R router’s microprogramming software is related to the issue of the operation exceeding the buffer in memory when processing the parameter servicetyp. Exploiting this vulnerability allows a malicious actor to caus...

D-Link DIR-513 Buffer Overflow Vulnerability

The D-Link DIR-513 is a wireless router device manufactured by D-Link. The D-Link DIR-513 version 1.10 suffers from a buffer overflow vulnerability that originates from improper handling of the curTime parameter in the sprintf function in the Boa Webserver component/goform/formSetWanNonLogin file...

D-Link DIR-513 Buffer Overflow Vulnerability (CNVD-2025-16670)

The D-Link DIR-513 is a wireless router device manufactured by D-Link. A buffer overflow vulnerability exists in the D-Link DIR-513 version 1.0, which originates from improper handling of the curTime parameter in the sprintf function of the /goform/formLanSetupRouterSettings file in the Boa...

CVE-2025-24938

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access administrator to the application has the potential execute commands on the operating system under the context of the webserver. The vulnerable...

CVE-2025-24936

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to th...

CVE-2025-7910

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the atta...

CVE-2025-7910

CVE-2025-7910 affects D-Link DIR-513 firmware 1.10, where Boa Webserver’s /goform/formSetWanNonLogin uses sprintf on curTime, causing a stack-based buffer overflow. The vulnerability is remotely exploitable, with publicly disclosed exploit details and high impact on confidentiality, integrity, an...

CVE-2025-7910 D-Link DIR-513 Boa Webserver formSetWanNonLogin sprintf stack-based overflow

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the atta...

CVE-2025-7909 D-Link DIR-513 Boa Webserver formLanSetupRouterSettings sprintf stack-based overflow

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack m...

CVE-2025-7909 D-Link DIR-513 Boa Webserver formLanSetupRouterSettings sprintf stack-based overflow

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack m...

CVE-2025-7909

The CVE-2025-7909 issue affects D-Link DIR-513 v1.0, where the Boa Webserver’s /goform/formLanSetupRouterSettings uses sprintf on the curTime argument, enabling a stack-based buffer overflow. This can be triggered remotely and the exploit has been publicly disclosed. Reports indicate the vulnerab...

D-Link DIR-513 安全漏洞

The D-Link DIR-513 is a wireless router device manufactured by D-Link. The D-Link DIR-513 version 1.10 suffers from a buffer overflow vulnerability that originates from improper handling of the curTime parameter in the sprintf function in the Boa Webserver component/goform/formSetWanNonLogin file...

D-Link DIR-513 安全漏洞

The D-Link DIR-513 is a wireless router device manufactured by D-Link. A buffer overflow vulnerability exists in the D-Link DIR-513 version 1.0, which originates from improper handling of the curTime parameter in the sprintf function of the /goform/formLanSetupRouterSettings file in the Boa...