PT-2023-24503 · Wavlink · Wavlink Wn579X3
Name of the Vulnerable Software and Affected Versions: Wavlink WN579X3 versions up to 20230615 Description: A critical issue has been discovered, affecting an unknown function of the /cgi-bin/adm.cgi file in the Ping Test component. The manipulation of the pingIp argument leads to injection. This...
F5 Networks BIG-IP : iControl SOAP vulnerability (K000130415)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.4 / 15.1.8.2 / 16.1.3.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000130415 advisory. - A format string vulnerability exists in iControl SOAP that allows an authenticated attacker...
CVE-2023-29709
An issue was discovered in /cgi-bin/loginrj.cgi in Wildix WSG24POE version 103SP7D190822 that allows attackers to bypass authentication...
Design/Logic Flaw
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x that allows attackers to force a factory reset via a crafted payload...
PT-2023-22364 · Wavlink · Wavlink Wavrouter
Name of the Vulnerable Software and Affected Versions: WavLink WavRouter version RPT70HA1.x Description: An issue was discovered in "/cgi-bin/adm.cgi" that allows attackers to force a factory reset via a crafted payload. Recommendations: For WavLink WavRouter version RPT70HA1.x, as a temporary...
Atlassian Wildix WSG24POE security vulnerability
The Atlassian Wildix WSG24POE is a networking device from Atlassian Australia. A security vulnerability exists in the Atlassian Wildix WSG24POE version 103SP7D190822, which originates from a security issue in cgi-bin/loginrj.cgi that allows an attacker to bypass authentication...
VulnCheck KEV: CVE-2019-20500
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...
CVE-2023-29709
CVE-2023-29709 affects Wildix WSG24POE 103SP7D190822. A flaw in /cgi-bin/login_rj.cgi enables authentication bypass. CVSS 3.1: 7.5 (HIGH), Network, Low complexity, Privileges NONE, User interaction NONE; Integrity impact HIGH, others NONE. Connected sources confirm the issue; no public fix versio...
USN-6181-1: Ruby vulnerabilities
Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected...
Ubuntu 23.04 : Ruby vulnerabilities (USN-6181-1)
The remote Ubuntu 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6181-1 advisory. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications that generate HTTP responses using the cgi gem. An attacker coul...
SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
Overview: Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333). Tran Quang Vu of FPT Software reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
SYNCK GRAPHICA Mailform Pro CGI security vulnerability
SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI version 4.3.1.2 and earlier versions, which stems from the inclusion of...
JVN#70502982: SYNCK GRAPHICA Mailform Pro CGI vulnerable to Regular expression Denial-of-Service (ReDoS)
Mailform Pro CGI provided by SYNCK GRAPHICA contains a Regular expression Denial-of-Service (ReDoS) vulnerability (CWE-1333). Impact: A remote attacker may be able to cause a denial-of-service (DoS). Solution: Update the Software. Update the software to the latest version according to the information...
[SECURITY] Fedora 37 Update: php-8.1.20-1.fc37
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 38 Update: php-8.2.7-2.fc38
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Debian DSA-5424-1 : php7.4 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5424 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The...
Debian DSA-5425-1 : php8.2 - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5425 advisory. It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use...
Zyxel Router Buffer Overflow Vulnerability (DoS)
According to its model number and firmware revision, the remote Zyxel router is affected by a buffer overflow / denial of service vulnerability, due to a flaw in the CGI program. An authenticated, remote attacker can exploit this issue, via a crafted HTTP request, to cause the system to stop...