CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can lead to...

Netgear RAX43 Buffer Overflow Vulnerability

The Netgear RAX43 is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...

CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton...

Buffer overflow

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton...

CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton...

CVE-2021-20166

Netgear RAX43 firmware 1.0.3.96 is affected by a buffer overrun in the cgi-bin URL parsing endpoint (CVE-2021-20166). Nuclei templates also describe a related issue: command injection/authentication bypass in readycloud_control.cgi’s name parameter, and note that this vulnerability combines CVE-2...

Netgear RAX43 缓冲区错误漏洞

The Netgear RAX43 is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between them. A buffer overflow vulnerability exists in Netgear RAX43 version 1.0.3.96. The vulnerability is caused by the URL parsing functionality of the...

CVE-2021-20166

Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Valu...

The vulnerability of the cgi-bin/upload_firmware.cgi component of the D–Link DIR-823G router’s microprogramming system allows a hacker to cause a service failure.

The vulnerability of the cgi-bin/uploadfirmware.cgi component of the D–Link DIR-823G router’s microprogramming system is related to the lack of authentication. Exploiting this vulnerability can allow an attacker to cause a service failure...

Gryphon Tower 跨站脚本漏洞

A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of user-supplied data and output data validation filtering in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...

Cross site scripting

GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/routercgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name...

CVE-2021-44148

GL.iNet GL-AR150 2.x before 3.x devices configured as repeaters are affected by a cross‑site scripting (XSS) vulnerability in cgi-bin/router_cgi?action=scanwifi. An attacker can embed an XSS payload in the SSID name, triggering XSS. This is documented in CVE-2021-44148 (NVD/NVD-derived descriptio...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.49 - Path Traversal or Remote Code Execution cve-20...

Dlink DSL2750U - (Reboot) Command Injection Exploit

Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...

IPFire 2.25 Core Update 156 and Prior pakfire.cgi Authenticated RCE

This module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user. Module Options msf use exploit/linux/http/ipfirepakfireexec msf...

VulnCheck KEV: CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

The vulnerability of QTS web servers for operating systems and QNAP network storage devices allows a hacker to execute arbitrary code.

The vulnerability of the QTS web server for operating systems and QNAP network storage devices is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via CGI scripts from the /mnt/HDAROOT/home/httpd/cgi-bin...

CVE-2020-24285

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx...

Intelbras TIP 200 信息泄露漏洞

Intelbras TIP 200 is an IP phone product from Intelbras, Brazil. The device is an IP terminal that supports up to two SIP accounts and has features such as high voice quality HD Voice, LCD 2x15, and power PoE Power over Ethernet. An information disclosure vulnerability exists in INTELBRAS TELEFON...