
766 matches found

Positive Technologies
added 2021/04/09 12:0 a.m. · 4 views

PT-2021-16521 · Skyworth Digital Technology · Rn510

Name of the Vulnerable Software and Affected Versions: Skyworth Digital Technology RN510 version 3.1.0.4 Description: The issue is related to an incorrect access control vulnerability in the /cgi-bin/test version.asp endpoint. If Wi-Fi is connected and an unauthenticated user visits a specific UR...

5.4 CVSS · 5.4 AI score · 0.01486 EPSS
Exploits 3 · References 7

OSV
added 2021/02/19 4:15 a.m. · 1 views

CVE-2021-27403

Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow cgi-bin/teaccesorouter.cgi curWebPage XSS...

6.1 CVSS · 6.4 AI score · 0.01229 EPSS
Exploits 1 · References 1

NVD
added 2021/02/19 4:15 a.m. · 9 views

CVE-2021-27403

Askey RTF8115VW BRSVg11.11RTFTEF001V6.54V014 devices allow cgi-bin/teaccesorouter.cgi curWebPage XSS...

6.1 CVSS · 0.01229 EPSS
Exploits 1 · References 1

CVE
added 2021/02/19 3:53 a.m. · 97 views

CVE-2021-27403

CVE-2021-27403 affects Asus Askey routers: specifically the RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 family. The vulnerability is a cross-site scripting (XSS) in the web interface, exposed via cgi-bin/te_acceso_router.cgi with curWebPage context. Public descriptions consistently state that th...

6.1 CVSS · 6.3 AI score · 0.01229 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2021/02/01 2:15 a.m. · 13 views

Design/Logic Flaw

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management interfac...

5 CVSS · 9.3 AI score · 0.01178 EPSS
Exploits 0 · References 2 · Affected Software 1

Prion
added 2020/12/28 7:15 a.m. · 14 views

Design/Logic Flaw

Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel which will require a physical reset to restore administrative control via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/setfactory URI...

5 CVSS · 7.2 AI score · 0.012 EPSS
Exploits 1 · References 2 · Affected Software 1

NVD
added 2020/12/18 3:15 p.m. · 17 views

CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

9.8 CVSS · 9.8 AI score · 0.39193 EPSS
Exploits 3 · References 2

Prion
added 2020/12/18 3:15 p.m. · 23 views

Code injection

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

7.5 CVSS · 9.8 AI score · 0.39193 EPSS
Exploits 3 · References 2 · Affected Software 1

Cvelist
added 2020/12/18 2:27 p.m. · 26 views

CVE-2020-25494

Xinuos formerly SCO Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook...

9.9 AI score · 0.39193 EPSS
Exploits 3 · References 2

CNNVD
added 2020/12/18 12:0 a.m. · 4 views

Xinuos Openserver Parameter Injection Vulnerability

Xinuos Openserver is a FreeBSD-based operating system from the US company Xinuos. A security vulnerability exists in Xinuos formerly SCO Openserver versions v5 and v6 that allows an attacker to execute arbitrary commands to the cgi-bin printbook via the shell metacharacter outputform or toclevels...

9.8 CVSS · 7.6 AI score · 0.39193 EPSS
Exploits 3 · References 5

Veracode
added 2020/12/13 4:24 a.m. · 30 views

Remote Code Execution

awstats is vulnerable to remote code execution. The vulnerability exists as cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format...

9.8 CVSS · 2.3 AI score · 0.02909 EPSS
Exploits 1 · References 6 · Affected Software 1

NVD
added 2020/12/12 12:15 a.m. · 16 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5.3 CVSS · 7 AI score · 0.01834 EPSS
Exploits 0 · References 4

OSV
added 2020/12/12 12:15 a.m. · 16 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5.3 CVSS · 6.4 AI score
Exploits 0 · References 4

Prion
added 2020/12/07 8:15 p.m. · 33 views

Format string

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

7.5 CVSS · 7 AI score · 0.04352 EPSS
Exploits 1 · References 4 · Affected Software 3

Prion
added 2020/11/27 12:15 a.m. · 9 views

Cross site scripting

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...

3.5 CVSS · 5.7 AI score · 0.01506 EPSS
Exploits 1 · References 3 · Affected Software 3

Prion
added 2020/11/26 5:15 p.m. · 18 views

Directory traversal

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal...

5 CVSS · 5.4 AI score · 0.04344 EPSS
Exploits 2 · References 3 · Affected Software 3

Positive Technologies
added 2020/11/26 12:0 a.m. · 4 views

PT-2020-13751 · Intelbras · Intelbras Tip 200 Lite +2

Name of the Vulnerable Software and Affected Versions: Intelbras TIP 200 version 60.61.75.15 Intelbras TIP 200 LITE version 60.61.75.15 Intelbras TIP 300 version 65.61.75.22 Description: The issue allows Directory Traversal via the "cgi-bin/cgiServer.exx" endpoint with the page parameter set to...

5.3 CVSS · 6 AI score · 0.04344 EPSS
Exploits 2 · References 11

Exploit DB
added 2020/11/24 12:0 a.m. · 922 views

ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...

10 CVSS · 9.8 AI score · 0.89955 EPSS
Exploits11

OSV
added 2020/10/02 9:15 a.m. · 4 views

CVE-2020-12123

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work...

8.1 CVSS · 7.2 AI score · 0.0042 EPSS
Exploits 0 · References 2

OSV
added 2020/10/02 9:15 a.m. · 4 views

CVE-2020-12126

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...

9.8 CVSS · 7.3 AI score · 0.01274 EPSS
Exploits 0 · References 2