Lucene search
K

63 matches found

Positive Technologies
Positive Technologies
added 2024/07/29 12:0 a.m.6 views

PT-2024-38148 · Totolink · Totolink A3600R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the comment argument leads to buffer overflow. This...

9CVSS8.8AI score0.01091EPSS
Exploits1References8
NVD
NVD
added 2024/05/03 2:15 a.m.17 views

CVE-2023-32136

D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS9.1AI score0.01155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.4 views

PT-2024-20298 · Telefonica · Movistar 4G Router

Name of the Vulnerable Software and Affected Versions: Movistar 4G router version ES WLD71-T1 v2.0.201820 Description: The issue is a command injection vulnerability that allows an authenticated user to execute commands inside the router. This can be achieved by making a POST request to the API...

7.8CVSS7.6AI score0.00739EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.4 views

PT-2024-1394 · Totolink · Totolink N350Rt

Name of the Vulnerable Software and Affected Versions: Totolink N350RT version 9.3.5u.6255 Description: The issue is related to the /cgi-bin/cstecgi.cgi file in the Totolink N350RT router's firmware, which is associated with incorrect session expiration. This can be exploited by a remote attacker...

5.3CVSS4.5AI score0.00591EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/01/07 12:0 a.m.6 views

PT-2024-1056 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: The issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi, where the manipulation of the FileName argument leads to command injection. This can be exploited...

9CVSS7AI score0.04407EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/01/07 12:0 a.m.4 views

PT-2024-1057 · Totolink · Totolink Lr1200Gb

Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue exists due to the lack of neutralization of special elements in the setUssd function of the /cgi-bin/cstecgi.cgi file. This allows a remote attacker to execute...

10CVSS7.9AI score0.03834EPSS
Exploits1References9
CNNVD
CNNVD
added 2024/01/07 12:0 a.m.5 views

TOTOLINK N350RT 安全漏洞

The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a buffer overflow vulnerability, which originates from the parameter v33 of the function main in /cgi-bin/cstecgi.cgi?action=login&flag=1 that fails to correctly validate the length...

8.8CVSS7.1AI score0.00903EPSS
Exploits1References4
Prion
Prion
added 2023/10/10 3:15 p.m.23 views

Command injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

7.5CVSS9.9AI score0.65799EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/10 2:27 p.m.10 views

CVE-2023-30806 Sangfor Next-Gen Application Firewall PHPSESSID Command Injection

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to...

9.8CVSS9.7AI score0.65799EPSS
Exploits1References3
Talos
Talos
added 2023/07/06 12:0 a.m.33 views

Milesight UR32L luci2-io file-export mib directory traversal vulnerability

Talos Vulnerability Report TALOS-2023-1695 Milesight UR32L luci2-io file-export mib directory traversal vulnerability July 6, 2023 CVE Number CVE-2023-23547 SUMMARY A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially...

6.5CVSS6.8AI score0.01256EPSS
Exploits1
NVD
NVD
added 2022/09/19 4:15 p.m.14 views

CVE-2022-40712

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2 endpoints...

6.1CVSS0.00431EPSS
Exploits0References1
NVD
NVD
added 2021/08/23 5:15 a.m.32 views

CVE-2021-39243

Cross-Site Request Forgery CSRF exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX51...

6.5CVSS0.00535EPSS
Exploits3References2
Prion
Prion
added 2021/08/23 5:15 a.m.22 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX51...

4.3CVSS6.7AI score0.00535EPSS
Exploits3References2Affected Software15
Cvelist
Cvelist
added 2021/08/23 4:24 a.m.29 views

CVE-2021-39243

Cross-Site Request Forgery CSRF exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via any CGI endpoint. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX51...

6.9AI score0.00535EPSS
Exploits3References2
NVD
NVD
added 2020/11/27 12:15 a.m.13 views

CVE-2020-12262

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

5.4CVSS5.7AI score0.01506EPSS
Exploits1References3
OSV
OSV
added 2020/10/02 9:15 a.m.6 views

CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

9.8CVSS7.6AI score0.75215EPSS
Exploits0References2
Prion
Prion
added 2020/10/02 9:15 a.m.13 views

Design/Logic Flaw

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

10CVSS9.7AI score0.75215EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/08/21 3:15 p.m.16 views

CVE-2020-24057

The management website of the Verint S5120FD VerintFW042 unit features a CGI endpoint 'ipfilter.cgi' that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as...

9CVSS9.2AI score0.05483EPSS
Exploits1References2
Prion
Prion
added 2020/08/21 3:15 p.m.17 views

Command injection

The management website of the Verint S5120FD VerintFW042 unit features a CGI endpoint 'ipfilter.cgi' that allows the user to manage network filtering on the unit. This endpoint is vulnerable to a command injection. An authenticated attacker can leverage this issue to execute arbitrary commands as...

9CVSS9.1AI score0.05483EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/08/21 2:31 p.m.43 views

CVE-2020-24057

The Verint S5120FD (Verint_FW_0_42) management web interface exposes a CGI endpoint ipfilter.cgi that allows network filtering management and is vulnerable to command injection. An authenticated attacker can run arbitrary commands as root, gaining full control over the device. The affected compon...

9CVSS9.2AI score0.05483EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder