Lucene search
K

41 matches found

CVE
CVE
added 2024/10/03 12:0 a.m.61 views

CVE-2024-41588

Affected software: DrayTek Vigor3910 (through 4.3.2.6). Vulnerable endpoints: CGI pages /cgi-bin/v2x00.cgi and /cgi-bin/cgiwcg.cgi. Root cause: Missing bounds checking in POST parameters passed to strncpy, allowing a buffer overflow. Actors: Authenticated users. Impact (as stated): Buffer overflo...

8CVSS6.8AI score0.00319EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/03 12:0 a.m.15 views

CVE-2024-41590

Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6...

7.1AI score0.0032EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/03 12:0 a.m.27 views

CVE-2024-41588

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function...

0.00319EPSS
Exploits0References2
CVE
CVE
added 2024/10/03 12:0 a.m.61 views

CVE-2024-41590

CVE-2024-41590 affects DrayTek Vigor310 routers, where the web UI CGI endpoints expose a buffer overflow via missing bounds checks on POST parameters passed to strcpy. Affected firmware includes versions up to 4.3.2.6, and exploitation requires authenticated access. The Red Hat/NCSC/PT-Security e...

8CVSS6.7AI score0.0032EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/03 12:0 a.m.10 views

CVE-2024-41588

The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function...

7.1AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/03 12:0 a.m.6 views

DrayTek Vigor 3910 安全漏洞

The DrayTek Vigor 3910 is a high-performance router for enterprise networks from DrayTek China. A security vulnerability exists in the DrayTek Vigor 3910 version 4.3.2.6 and earlier versions, which stems from the CGI endpoints v2x00.cgi and cgiwcg.cgi being susceptible to buffer overflows from...

8CVSS6.8AI score0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.13 views

PT-2024-7433 · Draytek · Draytek Vigor310

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 versions up to 4.3.2.6 Description: The issue is related to a buffer overflow vulnerability in the web interface of DrayTek Vigor routers, caused by a lack of size checking on input data. This can be exploited by a remote...

8CVSS8AI score0.0032EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.6 views

PT-2024-7431 · Draytek · Draytek Vigor 3910

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3910 versions through 4.3.2.6 Description: The issue is related to a buffer overflow vulnerability in the /cgi-bin/v2x00.cgi and /cgi-bin/cgiwcg.cgi CGI endpoints of the DrayTek Vigor3910 devices' web interface. This vulnerabilit...

8CVSS8.1AI score0.00319EPSS
Exploits0References11
VulnCheck KEV
VulnCheck KEV
added 2024/01/21 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...

10CVSS7.4AI score0.22138EPSS
Exploits1References1
NVD
NVD
added 2023/12/07 6:15 p.m.26 views

CVE-2023-33412

The web interface in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...

8.8CVSS0.0122EPSS
Exploits0References1
Prion
Prion
added 2022/09/19 4:15 p.m.17 views

Cross site scripting

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2 endpoints...

5.8CVSS6AI score0.00431EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/19 3:52 p.m.4 views

CVE-2022-40712

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2 endpoints...

6AI score0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/19 3:52 p.m.19 views

CVE-2022-40712

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2 endpoints...

6.1AI score0.00431EPSS
Exploits0References1
OSV
OSV
added 2021/09/01 6:15 p.m.3 views

CVE-2021-40380

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials...

7.5CVSS5.7AI score0.22724EPSS
Exploits3References2
The Hacker News
The Hacker News
added 2021/05/25 7:37 a.m.516 views

New High-Severity Vulnerability Reported in Pulse Connect Secure VPN

Ivanti, the company behind Pulse Secure VPN appliances, has published a security advisory for a high severity vulnerability that may allow an authenticated remote attacker to execute arbitrary code with elevated privileges. "Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote...

10CVSS0.9AI score0.69377EPSS
Exploits9
OSV
OSV
added 2018/12/28 5:29 p.m.5 views

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

9.1CVSS5.8AI score0.00581EPSS
Exploits1References1
Prion
Prion
added 2018/02/21 2:29 p.m.15 views

Design/Logic Flaw

This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00AWG.3D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability ...

10CVSS9.3AI score0.04035EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/02/21 2:0 p.m.18 views

CVE-2018-1164

This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00AWG.3D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability ...

9.4AI score0.04035EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2018/02/07 12:0 a.m.55 views

Geovision Inc. IP Camera / Video Server Remote Command Execution

!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...

7.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2018/01/23 12:0 a.m.512 views

(0Day) ZyXEL P-870H-51 DSL Router Multiple Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by...

9CVSS8.8AI score0.04035EPSS
Exploits0
Rows per page
Query Builder