CVE-2019-25472 IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile to read...

CVE-2020-12262

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

EUVD-2020-4576

Malware in sbrugna...

EUVD-2007-2350

Malware in sbrugna...

SUSE CVE-2011-1015

The iscgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / slash character at the beginning of the URI...

Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10735)

Reolink Rlc-410W is a Wifi security camera from Reolink China. cgiserver.cgi cgicheckability in Reolink RLC-410W v3.0.0.13620121102 is vulnerable to an access control error, which can be exploited by attackers to cause a denial of service...

Reolink RLC-410W Access Control Error Vulnerability (CNVD-2022-10725)

Reolink Rlc-410W is a Wifi security camera from Reolink China. cgiserver.cgi cgicheckability in Reolink RLC-410W v3.0.0.13620121102 is vulnerable to an access control error, which can be exploited by an attacker by sending an HTTP request to trigger it, causing a denial of service...

CVE-2021-44381

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetPowerLed param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44379

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetAutoMaint param is not object. An attacker can send an HTTP request to trigger this vulnerability...

Cross site request forgery (csrf)

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. DelUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-44372

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetLocalLink param is not object. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2021-40423

A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...

PT-2022-12069 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetLocalLink...

PT-2022-12089 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The GetImage par...

CVE-2020-12262

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

CVE-2020-13886

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A flaw was found in PHP's CGI server API. If the web server did not set DOCUMENTROOT environment variable for PHP e.g. when running PHP in the FastCGI server mode, an attacker could cause a crash of the PHP child process, causing a temporary denial o...

VulnCheck KEV: CVE-2013-5758

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...

CVE-2013-5757

Yealink VoIP Phone SIP-T38G is affected by CVE-2013-5757 (absolute path traversal) via the cgiServer.exx command parameter (dumpConfigFile). The vulnerability allows remote authenticated users to read arbitrary files by supplying a full pathname, with corroborating references describing /etc/pass...

Yealink VoIP Phone SIP-T38G - Remote Command Execution

No description provided by source. Title: Yealink VoIP Phone SIP-T38G Remote Command Execution Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5758 Description: Using cgiServer.exx we are ab...