9786 matches found
httpd: Substitution encoding issue in mod_rewrite
A flaw was found in the modrewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...
Exploit for Path Traversal in Apache Http_Server
Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...
Panasonic WV-S2231L Camera Denial of Service (CVE-2020-29194)
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel which will require a physical reset to restore administrative control via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/setfactory URI. This plugin only works with Tenable.ot. Pleas...
CVE-2024-7212
CVE-2024-7212 affects TOTOLINK A7000R (9.1.0u.6268_B20220504). The vulnerability is a buffer overflow in the loginauth function of /cgi-bin/cstecgi.cgi caused by manipulation of the password parameter. It enables remote exploitation with high impact on confidentiality, integrity, and availability...
PT-2024-38173 · Totolink · Totolink A7000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6268 B20220504 Description: A critical issue was found in the setWizardCfg function of the /cgi-bin/cstecgi.cgi file. The manipulation of the ssid argument leads to buffer overflow. It is possible to launch the...
CVE-2024-7186
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely...
CVE-2024-7183 TOTOLINK A3600R cstecgi.cgi setUploadSetting buffer overflow
A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-7181
A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnetenabled leads to command injection. The attack can be initiated remotely. The...
PT-2024-38146 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the setUrlFilterRules function of the file /cgi-bin/cstecgi.cgi. The manipulation of the url argument leads to a buffer overflow. This issu...
PT-2024-38142 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical vulnerability has been found in the setPortForwardRules function of the /cgi-bin/cstecgi.cgi file. The manipulation of the comment argument leads to a buffer overflow. Thi...
TOTOLINK A3600R 安全漏洞
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3600R suffers from a buffer overflow vulnerability that originates from the File parameter in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file that fails to correctly validat...
TOTOLINK A3600R 安全漏洞
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3600R suffers from a buffer overflow vulnerability that originates from improper handling of the FileName parameter in the setUpgradeFW function of the /cgi-bin/cstecgi.cgi file. An attacker...
TOTOLINK A3600R 安全漏洞
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3600R version 4.1.2cu.5182B20201102, which originates from the priority/macAddress parameter in the setMacQos function of the /cgi-bin/cstecgi.cgi...
TOTOLINK A3700R Command Injection Vulnerability
TOTOLINK A3700R is a wireless router, launched by TOTOLINK China Gion Electronics, a Taiwan-based networking equipment manufacturer. The TOTOLINK A3700R suffers from a command injection vulnerability located in the /cgi-bin/cstecgi.cgi file, which stems from improper handling of the hostName...
PT-2024-38148 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the comment argument leads to buffer overflow. This...
PT-2024-38140 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3600R version 4.1.2cu.5182 B20201102 Description: A critical issue has been found, affecting the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. Thi...
CVE-2024-7171
A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The...
CVE-2024-7170
A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /webcste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The...
CVE-2024-7160
A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has...
PT-2024-38122 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical issue has been found, affecting the setWanCfg function of the file /cgi-bin/cstecgi.cgi. The manipulation of the hostName argument leads to command injection. This issue ca...