9791 matches found
CVE-2023-51019
TOTOLINK EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi...
CVE-2023-51020
TOTOLINK EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langType’ parameter of the setLanguageCfg interface of the cstecgi.cgi...
CVE-2023-51021
CVE-2023-51021 affects TOTOLINK EX1800T (version 9.1.0cu.2112_B20220316). The vulnerability is an unauthorized arbitrary command execution in the merge parameter of the setRptWizardCfg interface of the cstecgi.cgi, caused by insufficient input filtering of constructed commands. Impact is high (pe...
CVE-2023-51023
TOTOLINK EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘hosttime’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi...
CVE-2023-51012
TOTOLINK EX1800T (version 9.1.0cu.2112_B20220316) is vulnerable to unauthorized arbitrary command execution via the lanGateway parameter in the setLanConfig interface of cstecgi.cgi. Root cause: improper handling of the lanGateway input enables arbitrary command execution. Documented impact is hi...
CVE-2023-51027
TOTOLINK EX1800T V9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi...
CVE-2023-51014
CVE-2023-51014 affects TOTOLINK EX1800T with version 9.1.0cu.2112_B20220316. The vulnerability is an unauthorized arbitrary command execution via the lanSecDns parameter in the setLanConfig interface of cstecgi.cgi. The connected documents do not provide patch details or official remediation timi...
CVE-2023-51026
The CVE-2023-51026 entry affects TOTOLINK EX1800T (version 9.1.0cu.2112_B20220316). The vulnerability is an unauthenticated, arbitrary command execution in the hour parameter of the setRebootScheCfg interface of the cstecgi.cgi, caused by improper input handling/filtering. Public sources consist...
CVE-2023-51016
CVE-2023-51016 applies to TOTOLINK EX1800T v9.1.0cu.2112_B20220316, where the setRebootScheCfg interface in cstecgi.cgi permits unauthorized arbitrary command execution. Affected component/function: setRebootScheCfg in cstecgi.cgi; root cause is an exploitable command execution pathway. Reported ...
A vulnerability in the main function of /cgi-bin/cstecgi.cgi?action=login in the TOTOLINK A7100RU router's software allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the main function of the /cgi-bin/cstecgi.cgi?action=login script in the TOTOLINK A7100RU router's software is caused by copying buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentialit...
PT-2024-4006
Name of the Vulnerable Software and Affected Versions: PHP versions 8.1.0 through 8.1.28; PHP versions 8.2.0 through 8.2.19; PHP versions 8.3.0 through 8.3.7. Description: An argument injection issue exists in PHP when running on Windows with Apache and PHP-CGI. The flaw occurs because the Windows...
Command injection
A vulnerability was found in Totolink X5000R 9.1.0cu.2300B20230112. It has been rated as critical. This issue affects the function...
CVE-2023-33412
The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targetin...
A vulnerability in the Common Gateway Interface (CGI) of ZyXEL VPN, USG FLEX, and ATP device firmware allows attackers to carry out cross-site scripting attacks and gain unauthorized access to protected information.
A vulnerability in the Common Gateway Interface (CGI) of ZyXEL VPN, USG FLEX, and ATP network devices is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and gain...
CVE-2023-37927
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...
Input validation
The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21AAZF.14C0 and NAS542 firmware version V5.21ABAG.11C0 could allow an authenticated attacker to execute some operating system (OS) commands by sending a crafted URL to a vulnerable device...
Zyxel USG / ATP / VPN < 5.37 XSS
Firmware version of the Zyxel USG, ATP, or VPN is less than 5.37. This means the Zyxel device is vulnerable to the following cross-site scripting vulnerability: a cross-site scripting (XSS) vulnerability in the CGI program could allow an unauthenticated LAN-based attacker to store malicious scrip...
CVE-2023-35139
A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50W series firmware versions 5.10 through 5.37, USG20W-VPN series firmware versions 5.10 through 5.37, and VPN...