Lucene search
K

19 matches found

Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.87 views

ZTE H298A / H108N - Unauthenticated Credential Exposure

Exploit Title: ZTE H298A / H108N - Unauthenticated Credential Exposure via ETHCheat Parameter Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link:...

7.5CVSS5.8AI score0.24681EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.9 views

FreeBSD : FreeBSD -- Remote code execution via installer Wi-Fi access point scans (039c0ab0-54b7-11f1-8d7a-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 039c0ab0-54b7-11f1-8d7a-bc241121aa0a advisory. When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of...

7.5CVSS5.7AI score0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:58 a.m.3 views

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

8.8CVSS6.4AI score0.01897EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-5846

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.13 Description The Edimax EW-7438RPn version 1.13 contains a flaw that allows disclosure of WiFi network configuration details. An attacker can access the wlencrypt wiz.asp file to retrieve sensitive information,...

8.7CVSS5.5AI score0.00386EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/10/22 12:0 a.m.10 views

CVE-2025-60341

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fastsettingwifiset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

0.00362EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-19577

Malware in sbrugna...

4.4CVSS5AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31760

Malicious code in bioql PyPI...

3.5CVSS6.6AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/12 12:0 a.m.7 views

Audi UTR 2.0 安全漏洞

Audi UTR 2.0 is an in-vehicle car recording system from Audi Germany. A security vulnerability exists in Audi UTR 2.0 that originates from the injection of a specially crafted payload in the wifistassid or wifiapssid parameter, which could lead to a stored cross-site scripting attack...

5.4CVSS6.2AI score0.0019EPSS
Exploits1References2
OSV
OSV
added 2025/08/04 3:15 p.m.6 views

CVE-2025-26065

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...

7.3CVSS5.9AI score0.00358EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 6:5 a.m.5 views

CVE-2023-30400

An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password...

9.8CVSS7.8AI score0.0347EPSS
Exploits1References1
OSV
OSV
added 2024/11/22 8:15 p.m.6 views

CVE-2024-6247

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw...

6.8CVSS6.3AI score0.02175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.5 views

PT-2024-24329 · Engenius · Engenius Ews356-Fit +1

Name of the Vulnerable Software and Affected Versions: EnGenius EWS356-Fit versions 1.1.30 and earlier EnGenius ESR580 versions 1.1.30 and earlier Description: The issue allows a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable fie...

4.8CVSS6.1AI score0.00348EPSS
Exploits0References4
OSV
OSV
added 2024/08/28 3:15 p.m.6 views

CVE-2024-34198

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlanssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long...

9.8CVSS6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/01/10 8:15 a.m.1 views

CVE-2022-46025

Totolink N200REV5 V9.3.5u.6255B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page...

9.1CVSS7.4AI score0.01134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/03 12:0 a.m.10 views

PT-2024-14839 · Genie Company · Aladdin Connect

Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Retrofit-Kit Model ALDCM affected versions not specified Description: Unauthenticated access is permitted to the web interface page "Garage Door Control Module Setup" of The Genie Company Aladdin Connect...

8.2CVSS8.8AI score0.00605EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.5 views

The vulnerability of the form_fast_setting_wifi_set function in the microprogrammed software for Tenda F1203, FH1203, and FH1205 allows a hacker to execute arbitrary code.

The vulnerability of the formfastsettingwifiset function in the microprogrammed routing devices Tenda F1203, FH1203, and FH1205 is related to the ability to write data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

10CVSS8.4AI score0.00701EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2022/09/12 12:0 a.m.7 views

PT-2022-22907 · Linksys · Linksys E5350 Wifi Router

Name of the Vulnerable Software and Affected Versions: Linksys E5350 WiFi Router version 1.0.00.037 and lower Description: The issue concerns the /SysInfo.htm URI, which does not require a session ID. This web page calls the show sysinfo function, retrieving sensitive information such as WPA...

7.5CVSS7.4AI score0.00746EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2020/12/15 5:15 p.m.2 views

CVE-2020-27053

In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi network name with System execution privileges needed. User interaction is not needed for...

4.4CVSS5.6AI score0.00133EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/03/28 12:0 a.m.6 views

The vulnerability of the HPE iMC Server software platform, HPE Intelligent Management Center PLAT, allows a perpetrator to execute arbitrary code.

The vulnerability of the HPE iMC Server software platform of HPE Intelligent Management Center PLAT exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using the SSID attribute...

10CVSS6AI score0.22622EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder