430 matches found
CVE-2019-14920
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etcro/web/adm/systemcommand.asp shell feature...
CVE-2019-14919
An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device...
CVE-2017-18372
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the toolstime.asp page and can be exploited through the...
CVE-2025-2905
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...
CVE-2025-2905
The CVE-2025-2905 entry describes an XML External Entity (XXE) vulnerability in the WSO2 API Manager gateway component due to insufficient validation of XML input. The issue allows unauthenticated remote attackers to read server filesystem files and perform denial-of-service (DoS) attacks. Affect...
CLSA-2025-1741291038 expat: Fix of CVE-2024-28757
CVE-2024-28757: Prevent billion laughs attacks in isolated external parser part of 839 Reject direct parameter entity recursion part of 839...
Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange
In a major cybersecurity incident, Bybit, the world's 2nd-largest crypto exchange suffered a $1.4 billion ETH hack from…...
CVE-2025-1143
Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...
CVE-2025-1143
Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...
CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials
Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...
CVE-2025-1143 Billion Electric M120N - Use of Hard-coded Credentials
Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system...
Billion Electric M100、M150和M120N 信任管理问题漏洞
The Billion Electric M100, among others, is a wireless router from China-based Shengda Electric Billion Electric. The Billion Electric M100, M150, and M120N are vulnerable to a trust management issue vulnerability that stems from embedded Linux credentials that are hardcoded. An attacker could...
How Builder.ai is Democratizing AI for the Next Billion Users
Dubai UAE, UAE, 3rd February 2025, CyberNewsWire...
LangChain < 0.1.35 XXE
The version of LangChain installed on the remote host is prior to 0.1.35. It is, therefore, affected by a XML External Entity XXE vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity XXE exploitation. By nesting multiple layers o...
The vulnerability of the microprogrammed software of ZyXEL P660HN-T1A and Billion 5200W-T lies in the lack of measures to neutralize special elements, allowing attackers to execute arbitrary code.
The vulnerability of the microprogrammed software of ZyXEL P660HN-T1A and Billion 5200W-T exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability in the implementation of the SSH network protocol for the microprogramming-based software of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 allows a hacker to execute arbitrary commands.
The vulnerability of the SSH network protocol implementation in the microprogramming-based software for industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the lack of measures to neutralize special elements used in operating system commands...
The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 lies in the absence of authentication for a critical function. This allows attackers to circumvent security restrictions, gain unauthorized access to protected information, or cause service failures.
The vulnerability of the microprogrammed software in industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent...
The vulnerability of the microprogramming software of industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 lies in the ability to bypass authentication procedures by using an alternative path or channel. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the microprogrammed software in industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 relates to the ability to bypass authentication procedures by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500, related to the storage of passwords in an open manner, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the storage of passwords in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access ...
CVE-2024-11983
Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device...