11 matches found
EUVD-2021-17067
Malware in sbrugna...
EUVD-2024-36649
Malicious code in bioql PyPI...
CVE-2021-30127
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but...
VulnCheck KEV: CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
PT-2025-3731
Name of the Vulnerable Software and Affected Versions: Four-Faith F3x36 router version 2.0.0. Description: The issue is related to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via...
Design/Logic Flaw
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but...
CVE-2021-30127
CVE-2021-30127 affects TerraMaster F2-210 devices. The root issue is UPnP-enabled exposure of the admin web server on TCP port 8181 to the Internet, contrary to local-network expectations. The consequence is potential unauthorized access through the outward-facing admin interface. A partial, undocumented ...
PT-2013-5165 · Monroe Electronics +1 · R189 One-Net +1
Name of the Vulnerable Software and Affected Versions: Digital Alert Systems DASDEC EAS device versions 2.0-2 through 2.0-2; Monroe Electronics R189 One-Net EAS device versions 2.0-2 through 2.0-2. Description: The administrative web server uses predictable session ID values, making it easier for...
CVE-2008-1260
The CVE-2008-1260 entry affects the Zyxel P-2602HW-D1A router running firmware 3.40(AJZ.1). The described vulnerabilities are CSRF flaws that let remote attackers (no authentication required) influence the device: (1) expose the admin web server on WAN via WWWAccessInterface in Forms/RemMagWWW_1,...
CVE-2002-0786
The CVE-2002-0786 entry concerns the iCon administrative web server for Critical Path inJoin Directory Server 4.0. Affected component: the inJoin Directory Server 4.0 web interface (iCon admin). Vulnerability: authenticated inJoin administrators can read arbitrary files by specifying the target f...