9786 matches found

GithubExploit
added 2024/05/21 6:35 p.m., 429 views

Exploit for CVE-2024-11318

CVE-2024-11318 IDOR - AbsysNet 2.3.1 User Hijacking --- DI...

CVSS 7.5, AI score 6.9, EPSS 0.0087
Exploits: 1

OSV
added 2024/05/21 2:15 a.m., 3 views

CVE-2023-37929

The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device...

CVSS 6.5, AI score 6.1, EPSS 0.00545
Exploits: 0, References: 1

CVE
added 2024/05/21 1:23 a.m., 43 views

CVE-2023-37929

CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...

CVSS 6.5, AI score 7.2, EPSS 0.00545
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2024/05/16 2:18 p.m., 74 views

CVE-2024-34582

Sunhillo SureLine on RICI 5000 devices (through 8.10.0) is affected by a cross-site scripting (XSS) vulnerability in the cgi/usrPasswd.cgi userid_change path within the Forgot Password feature. The issue is documented across multiple sources (NVD/Red Hat/EUVD/CVE lists) as a vulnerability in Sunh...

CVSS 6.1, AI score 6.1, EPSS 0.00398
Exploits: 0, References: 1

OSV
added 2024/05/14 4:17 p.m., 2 views

CVE-2024-32354

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...

CVSS 6, AI score 5.8
Exploits: 0, References: 2

CVE
added 2024/05/14 3:59 p.m., 64 views

CVE-2024-32354

CVE-2024-32354 affects TOTOLINK X5000R (version 9.1.0cu.2350_B20230313). A command injection flaw exists in the setSSServer function via the timeout parameter at /cgi-bin/cstecgi.cgi. Root cause: improper handling/validation of the timeout parameter leading to arbitrary command execution. Impact,...

CVSS 6, AI score 7.9, EPSS 0.01034
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2024/05/14 3:58 p.m., 66 views

CVE-2024-32353

CVE-2024-32353 affects TOTOLINK X5000R firmware version 9.1.0cu.2350_B20230313. A command injection exists in the setSSServer API at /cgi-bin/cstecgi.cgi via the port parameter, caused by inadequate input filtering of command characters. Impact is high (arbitrary command execution) with CVSSv3.1:...

CVSS 9.8, AI score 7.9, EPSS 0.02093
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2024/05/14 3:38 p.m., 4 views

CVE-2024-34196

Totolink AC1200 Wireless Dual Band Gigabit Router A3002RUV3 Firmware V3.0.0-B20230809.1615 is vulnerable to Buffer Overflow. The "boa" program allows attackers to modify the value of the "vwlanidx" field via "formMultiAP". This can lead to a stack overflow through the "formWlEncrypt" CGI function...

CVSS 8.8, AI score 5.9, EPSS 0.00738
Exploits: 1, References: 1

Positive Technologies
added 2024/05/08 12:0 a.m., 4 views

PT-2024-25733 · Totolink · Totolink Ac1200 Wireless Dual Band Gigabit Router

Name of the Vulnerable Software and Affected Versions: Totolink AC1200 Wireless Dual Band Gigabit Router A3002RU V3 version V3.0.0-B20230809.1615 Description: The issue allows attackers to modify the value of the vwlan idx field via "formMultiAP". This can lead to a stack overflow through the...

CVSS 8.8, AI score 7.7, EPSS 0.00738
Exploits: 1, References: 2

ATTACKERKB
added 2024/05/03 3:16 a.m., 1 view

CVE-2023-51621

D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

CVSS 6.8, AI score 6.3, EPSS 0.01126
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/05/03 3:15 a.m., 3 views

CVE-2023-41228

D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...

CVSS 6.8, AI score 7.1, EPSS 0.00705
Exploits: 0, References: 2

OSV
added 2024/05/03 3:15 a.m., 2 views

CVE-2023-41216

D-Link DIR-3040 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVSS 6.8, AI score 6.3, EPSS 0.00705
Exploits: 0, References: 2

ATTACKERKB
added 2024/05/03 3:15 a.m., 3 views

CVE-2023-41186

D-Link DAP-1325 CGI Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to access various functionality on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific fl...

CVSS 6.5, AI score 5.7, EPSS 0.00682
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/05/03 2:15 a.m., 2 views

CVE-2023-41222

D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...

CVSS 6.8, AI score 6.3, EPSS 0.00705
Exploits: 0, References: 2

NVD
added 2024/05/03 2:15 a.m., 20 views

CVE-2023-32146

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. T...

CVSS 8.8, AI score 9.1, EPSS 0.01101
Exploits: 0, References: 2

OSV
added 2024/05/03 2:15 a.m., 4 views

CVE-2023-32144

D-Link DAP-1360 webproc COMMMakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this...

CVSS 8.8, AI score 6.3, EPSS 0.01038
Exploits: 0, References: 2

OSV
added 2024/05/03 2:15 a.m., 1 view

CVE-2023-32138

D-Link DAP-1360 webproc Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific...

CVSS 8.8, AI score 6.2, EPSS 0.00931
Exploits: 0, References: 2

NVD
added 2024/05/03 2:15 a.m., 13 views

CVE-2023-32141

D-Link DAP-1360 webproc WEBDisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability...

CVSS 8.8, AI score 9.1, EPSS 0.01101
Exploits: 0, References: 2

NVD
added 2024/05/03 2:15 a.m., 12 views

CVE-2023-32137

D-Link DAP-1360 webproc WEBDisplayPage Directory Traversal Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerabilit...

CVSS 6.5, AI score 4, EPSS 0.01167
Exploits: 0, References: 2

NVD
added 2024/05/03 2:15 a.m., 16 views

CVE-2023-32136

D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...

CVSS 8.8, AI score 9.1, EPSS 0.01155
Exploits: 0, References: 2