CVE-2019-11367

An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can login successfully...

EUVD-2019-3046

Malware in sbrugna...

EUVD-2019-3045

Malware in sbrugna...

EUVD-2019-4311

Malware in sbrugna...

EUVD-2019-4310

Malware in sbrugna...

AUO DIR-605L Buffer Overflow Vulnerability

The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the insecure use of sprintf when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogi...

AUO DIR-605L Buffer Overflow Vulnerability

The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the failure of Language, a parameter of the function sub410DDC in the file switchlanguage.cgi in the httpd component,...

D-Link DIR-825 安全漏洞

The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the failure of Language, a parameter of the function sub410DDC in the file switchlanguage.cgi in the httpd component,...

AUO DIR-825 sub_4091AC Function Buffer Overflow Vulnerability

The AUO DIR-825 is a dual-band wireless router from AUO D-Link, mainly for SMB and SOHO environments. The AUO DIR-825 suffers from a buffer overflow vulnerability, which originates from the failure of the sub4091AC function in the HTTP POST Request Handler component to correctly validate the leng...

CVE-2019-12719

An issue was discovered in PictureManagemvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter...

CVE-2019-11368

Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter...

CVE-2019-12720

AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvcsendmail.aspx MailAdd parameter SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picturemanagemvc.aspx plantno parameter, the...

D-Link DAP-2695 /adv_macbypass.php file cross-site scripting vulnerability

The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. A cross-site scripting vulnerability exists in the D-Link DAP-2695, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter fmac in the file...

D-Link DAP-2695 /adv_arpspoofing.php file cross-site scripting vulnerability

The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. The D-Link DAP-2695 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter harpmac in the file...

D-Link DIR-605L/DIR-618 formTcpipSetup Function Access Control Error Vulnerability

The D-Link DIR-605L and D-Link DIR-618 are both a wireless router from China-based AUO D-Link. An access control error vulnerability exists in the D-Link DIR-618 version 2.02 and DIR-605L version 3.02, which stems from improper access control in the file /goform/formTcpipSetup, and can be exploit...

D-Link DIR-605L/DIR-618 formSetDomainFilter Function Access Control Error Vulnerability

The D-Link DIR-605L and D-Link DIR-618 are both a wireless router from China-based AUO D-Link. An access control error vulnerability exists in the D-Link DIR-618 version 2.02 and the D-Link DIR-605L version 3.02, which stems from improper access control in the file /goform/formSetDomainFilter, an...

D-Link DIR-825 Command Injection Vulnerability

The D-Link DIR-825 is a router from China's AUO D-Link. A command injection vulnerability exists in the DLINK DIR-825 REVB version 2.03, which originates from a failure to properly filter construct command special characters, commands, etc. in the CGl interface apcclientpin.cgi. A remote attacker...

D-Link DSL6740C Path Traversal Vulnerability

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. The D-Link DSL6740C suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file. An attacker could exploit this vulnerability to cau...

D-Link DSL6740C 安全漏洞

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. The D-Link DSL6740C suffers from a path traversal vulnerability that stems from the program failing to properly filter special elements in the path of a resource or file. An attacker could exploit this vulnerability to cau...

AUO DIR-605L formEasySetupWizard Function Buffer Overflow Vulnerability

The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability, which originates from the curTime parameter of the formEasySetupWizard/formEasySetupWizard2 function in the /goform/formEasySetupWizard page that fails to correctly valida...