19 matches found
ZTE H298A / H108N - Unauthenticated Credential Exposure
Exploit Title: ZTE H298A / H108N - Unauthenticated Credential Exposure via ETHCheat Parameter Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link:...
FreeBSD : FreeBSD -- Remote code execution via installer Wi-Fi access point scans (039c0ab0-54b7-11f1-8d7a-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 039c0ab0-54b7-11f1-8d7a-bc241121aa0a advisory. When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of...
CVE-2026-25196
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
PT-2026-5846
Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.13 Description The Edimax EW-7438RPn version 1.13 contains a flaw that allows disclosure of WiFi network configuration details. An attacker can access the wlencrypt wiz.asp file to retrieve sensitive information,...
CVE-2025-60341
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fastsettingwifiset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
EUVD-2020-19577
Malware in sbrugna...
EUVD-2025-31760
Malicious code in bioql PyPI...
Audi UTR 2.0 安全漏洞
Audi UTR 2.0 is an in-vehicle car recording system from Audi Germany. A security vulnerability exists in Audi UTR 2.0 that originates from the injection of a specially crafted payload in the wifistassid or wifiapssid parameter, which could lead to a stored cross-site scripting attack...
CVE-2025-26065
A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...
CVE-2023-30400
An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. A command injection vulnerability in the network configuration script within the MCU's operating system allows attackers to perform arbitrary command execution via a crafted wifi SSID or password...
CVE-2024-6247
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw...
PT-2024-24329 · Engenius · Engenius Ews356-Fit +1
Name of the Vulnerable Software and Affected Versions: EnGenius EWS356-Fit versions 1.1.30 and earlier EnGenius ESR580 versions 1.1.30 and earlier Description: The issue allows a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable fie...
CVE-2024-34198
TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlanssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long...
CVE-2022-46025
Totolink N200REV5 V9.3.5u.6255B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page...
PT-2024-14839 · Genie Company · Aladdin Connect
Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Retrofit-Kit Model ALDCM affected versions not specified Description: Unauthenticated access is permitted to the web interface page "Garage Door Control Module Setup" of The Genie Company Aladdin Connect...
The vulnerability of the form_fast_setting_wifi_set function in the microprogrammed software for Tenda F1203, FH1203, and FH1205 allows a hacker to execute arbitrary code.
The vulnerability of the formfastsettingwifiset function in the microprogrammed routing devices Tenda F1203, FH1203, and FH1205 is related to the ability to write data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
PT-2022-22907 · Linksys · Linksys E5350 Wifi Router
Name of the Vulnerable Software and Affected Versions: Linksys E5350 WiFi Router version 1.0.00.037 and lower Description: The issue concerns the /SysInfo.htm URI, which does not require a session ID. This web page calls the show sysinfo function, retrieving sensitive information such as WPA...
CVE-2020-27053
In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi network name with System execution privileges needed. User interaction is not needed for...
The vulnerability of the HPE iMC Server software platform, HPE Intelligent Management Center PLAT, allows a perpetrator to execute arbitrary code.
The vulnerability of the HPE iMC Server software platform of HPE Intelligent Management Center PLAT exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using the SSID attribute...