CVE-2024-33439
An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters...
The vulnerability in the genie_bpa.cgi script of the firmware of Netgear routers such as R8500, XR300, R7000P, and R6400 v2 allows a hacker to cause a service failure.
The vulnerability in the genie_bpa.cgi script of the firmware of Netgear routers such as R8500, XR300, R7000P, and R6400 v2 lies in the copying of buffers without checking the size of the input data during the processing of the bpaserver parameter. Exploiting this vulnerability allows a...
The vulnerability in the l2tp.cgi script of the Netgear R8500, XR300, R7000P, and R6400 v2 router software allows a hacker to cause a service failure.
The vulnerability in the l2tp.cgi script of Netgear routers such as R8500, XR300, R7000P, and R6400 v2 lies in the copying of buffer data without checking the size of the input data during the processing of the l2tpuserip parameter. Exploiting this vulnerability allows a malicious actor to cause...
CVE-2024-33439
CVE-2024-33439 affects Kasda LinkSmart Router KW5515 (v1.7 and earlier). The issue enables an authenticated remote attacker to execute arbitrary operating system commands via CGI parameters, indicating a remote command execution vulnerability. According to the provided data, the vulnerability is ...
The vulnerability in the bridge_wireless_main.cgi script of the Netgear XR300 router’s software allows a hacker to induce a service failure.
The vulnerability in the bridge_wireless_main.cgi script of the Netgear XR300 router software lies in the copying of buffers without checking the size of the input data during the processing of the ssid parameter. Exploiting this vulnerability allows a malicious actor to cause service failure by...
The vulnerability in the wiz_fix2.cgi script of the Netgear R8500 router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability in the wiz_fix2.cgi script of the firmware for Netgear R8500 routers lies in the lack of measures to neutralize special elements used in operating system commands when processing the wangateway parameter. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability in the genie_fix2.cgi script of the firmware for Netgear R8500 routers allows a hacker to execute arbitrary commands.
The vulnerability in the genie_fix2.cgi script of the firmware for Netgear R8500 routers lies in the lack of measures to neutralize special elements used in operating system commands when processing the wangateway parameter. Exploiting this vulnerability allows a remote attacker to execut...
The vulnerability in the pppoe2.cgi script of the firmware for Netgear XR300, R7000P, and R6400 v2 allows a hacker to cause a service failure.
The vulnerability in the pppoe2.cgi script of the firmware for Netgear XR300, R7000P, and R6400 v2 lies in the copying of buffers without checking the size of input data during the processing of the pppoelocalip parameter. Exploiting this vulnerability allows a malicious actor to cause service failures ...
The vulnerability in the genie_fix2.cgi script of the firmware for Netgear XR300, R7000P, and R6400 v2 allows a hacker to execute arbitrary commands.
The vulnerability in the genie_fix2.cgi script of the firmware for Netgear XR300, R7000P, and R6400 v2 lies in the lack of measures taken to neutralize special elements used in operating system commands when processing the wangateway parameter. Exploiting this vulnerability allows a remot...
CVE-2024-11318 IDOR vulnerability in AbsysNet
An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint...
PT-2024-9175 · Absysnet · Absysnet
Name of the Vulnerable Software and Affected Versions: AbsysNet version 2.3.1. Description: An IDOR (Insecure Direct Object Reference) vulnerability has been discovered, which could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifi...
The vulnerability in the CGI interface of the firmware of Zyxel’s GS1900 series routers allows a hacker to cause a service failure.
The vulnerability in the CGI interface of the firmware of Zyxel’s GS1900 series routers lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability in the CGI interface of the firmware of Zyxel’s GS1900 series routers allows attackers to execute arbitrary commands.
The vulnerability in the CGI interface of the firmware of Zyxel’s GS1900 series routers is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the script htdocs/webinc/js/adv_parent_ctrl_map.php of the D-Link DIR-860L, DIR-865L, DIR-868L, and DIR-880L routers allows an attacker to execute an XSS attack.
The vulnerability in the script htdocs/webinc/js/adv_parent_ctrl_map.php of the D-Link DIR-860L, DIR-865L, DIR-868L, and DIR-880L routers exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows an attacker to execute an XSS attack through the...
The vulnerability of the cgi_user_add function in the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L allows a hacker to execute arbitrary code.
The vulnerability of the cgi_user_add function in the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add of D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the /cgi/login file in the Administration Panel of Tp-Link MR200 wireless access points allows an intruder to cause a service failure.
The vulnerability of the /cgi/login file in the Administration Panel of Tp-Link MR200 wireless access points is related to the manipulation of the null pointer. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
Fedora 41 : php (2024-a03b06dbd0)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a03b06dbd0 advisory. PHP version 8.3.12 (26 Sep 2024). CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) nielsdos...
VulnCheck KEV: CVE-2024-10914
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os...