42 matches found
EUVD-2017-3260
Malware in sbrugna...
Exploit for OS Command Injection in Proscend M330-W_Firmware
CVE-2022-36779 exploit code for Unauthenticated OS...
Milesight UR32L luci2-io file-import firmware update vulnerability
Talos Vulnerability Report TALOS-2023-1852 Milesight UR32L luci2-io file-import firmware update vulnerability May 1, 2024 CVE Number CVE-2023-47166 SUMMARY A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network...
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
!/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage Exploit
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. !/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password...
Yifan YF325 httpd next_page buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 httpd nvram.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 gwcfg_cgi_set_manage_post_data stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1788 Yifan YF325 gwcfgcgisetmanagepostdata stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35967,CVE-2023-35968 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yif...
Yifan YF325 libutils.so nvram_restore stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1763 Yifan YF325 libutils.so nvramrestore stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34365 SUMMARY A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108...
Milesight UR32L zebra vlan_name function command injection vulnerability
The Milesight UR32L is a Lite industrial cellular router from Milesight. A command injection vulnerability exists in the Milesight UR32L zebra vlanname function, which can be exploited by an attacker to execute arbitrary commands on the system...
Milesight UR32L vtysh_ubus _get_fw_logs OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1712 Milesight UR32L vtyshubus getfwlogs OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22299 SUMMARY An OS command injection vulnerability exists in the vtyshubus getfwlogs functionality of Milesight UR32L v32.3.0.5. A specially crafted...
Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1715 Milesight UR32L libzebra.so securitydecryptpassword buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24018 SUMMARY A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesigh...
Milesight UR32L libzebra.so bridge_group OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1698 Milesight UR32L libzebra.so bridgegroup OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22306 SUMMARY An OS command injection vulnerability exists in the libzebra.so bridgegroup functionality of Milesight UR32L v32.3.0.5. A specially...
Milesight UR32L vtysh_ubus sprintf pattern buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1716 Milesight UR32L vtyshubus sprintf pattern buffer overflow vulnerabilities July 6, 2023 CVE Number...
Milesight UR32L urvpn_client http_connection_readcb stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1718 Milesight UR32L urvpnclient httpconnectionreadcb stack-based buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24019 SUMMARY A stack-based buffer overflow vulnerability exists in the urvpnclient httpconnectionreadcb functionality of Milesigh...
Milesight UR32L luci2-io file-export mib directory traversal vulnerability
Talos Vulnerability Report TALOS-2023-1695 Milesight UR32L luci2-io file-export mib directory traversal vulnerability July 6, 2023 CVE Number CVE-2023-23547 SUMMARY A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console authentication feature...
Robustel R1510 sysupgrade firmware update vulnerability
Talos Vulnerability Report TALOS-2022-1580 Robustel R1510 sysupgrade firmware update vulnerability October 14, 2022 CVE Number CVE-2022-34845 SUMMARY A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can...
Robustel R1510 web_server /ajax/remove/ directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1579 Robustel R1510 webserver /ajax/remove/ directory traversal vulnerability October 14, 2022 CVE Number CVE-2022-33897 SUMMARY A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A...
Robustel R1510 web_server hashFirst denial of service vulnerability
Talos Vulnerability Report TALOS-2022-1575 Robustel R1510 webserver hashFirst denial of service vulnerability October 14, 2022 CVE Number...