PT-2025-43895
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024. Description: A weakness exists in TOTOLINK A3300R. The issue is related to a buffer overflow in the setDdnsCfg function within the /cgi-bin/cstecgi.cgi file. This can be exploited remotely. The...
CVE-2025-53701
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...
CVE-2025-53702
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...
EUVD-2025-35685
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...
CVE-2025-53701 XSS vulnerability in Vilar VS-IPC1002 IP cameras
Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...
EUVD-2025-35686
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...
CVE-2025-53702 DoS vulnerability in Vilar VS-IPC1002 IP cameras
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...
Vilar VS-IPC1002 cross-site scripting vulnerability
Vilar VS-IPC1002 is a webcam from the Chinese company Vilar. A cross-site scripting vulnerability exists in Vilar VS-IPC1002 version 1.1.0.18. It stems from improper sanitization of the GET request parameter on the /cgi-bin/action endpoint, which could lead to a reflected cross-site scripting...
Vilar VS-IPC1002 security vulnerability
The Vilar VS-IPC1002 is a webcam from the Chinese company Vilar. A security vulnerability exists in Vilar VS-IPC1002 version 1.1.0.18: an unauthenticated attacker can send a specially crafted request to the /cgi-bin/action endpoint, potentially resulting in a denial ...
PT-2025-43512
Name of the Vulnerable Software and Affected Versions: Vilar VS-IPC1002 IP cameras (affected versions not specified). Description: Vilar VS-IPC1002 IP cameras are susceptible to Reflected Cross-Site Scripting (XSS) attacks. This occurs because parameters within GET requests sent to the /cgi-bin/action A...
PT-2025-42828
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions V4.32 through V5.40; Zyxel USG FLEX series versions V4.50 through V5.40; Zyxel USG FLEX 50W series versions V4.16 through V5.40; Zyxel USG20W-VPN series versions V4.16 through V5.40. Description: A missing authorization fl...
CVE-2025-61541
Webmin 2.510 is affected by CVE-2025-61541 due to a Host Header Injection in forgot_send.cgi. The reset link is constructed using the HTTP Host header via get_webmin_email_url(), allowing an attacker to inject a malicious domain into the password reset email. If a victim clicks the poisoned link,...
OPENSUSE-SU-2025:15625-1 perl-CGI-Simple-1.282.0-1.1 on GA media
These are all security issues fixed in the perl-CGI-Simple-1.282.0-1.1 package on the GA media of openSUSE Tumbleweed...
VulnCheck KEV: CVE-2018-11714
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...
CVE-2025-11444
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...
CVE-2025-11444 TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launc...